Time Is Running Out for 2-Year TLS/SSL Certificates

It shouldn’t come as a surprise that we are talking about TLS/SSL digital certificate lifespan again; after all, the industry has been mandating a shorter lifespan for TLS/SSL certificates for the past few years. It is good security practice to use short-lived certificates, as it reduces cyber risk for organizations by shortening the window of opportunity for hackers if the certificate keys get stolen. Recently, Apple announced that, to improve web security for users, it is reducing the maximum allowed lifetimes of TLS server certificates to 398 days starting September 1, 2020. We anticipate that other browser providers, such as Google and Microsoft, will follow suit.

hand crossing off calendar date

So how will shorter lifespans for TLS/SSL certificates affect you?

If you have a valid TLS certificate issued for a two-year validity period before September 1, 2020, it will be valid for the lifespan of the certificate. This mandate will only affect new certificates issued on or after September 1, 2020; any certificates issued before that date will not be affected by this change.

All public certificate authorities are preparing their systems to restrict the issuance of TLS certificates to only one-year validity in compliance with the new mandate. Effective August 14, 2020, HID IdenTrust™ will no longer accept applications for TLS/SSL certificates with a two-year validity period.

Time is running out, but you can still purchase IdenTrust TLS/SSL certificates with a two-year validity period before September 1, 2020.

To purchase TLS/SSL certificates now, visit our IdenTrust certificate wizard.

Get the latest blogs on identity and access management delivered straight to your inbox.

Mrugesh Chandarana is a Senior Product Manager in Identity and Access Management Solutions at HID Global, where he focuses on IoT and PKI solutions. He has more than ten years of cybersecurity industry experience in areas such as risk management, threat and vulnerability management, application security and PKI. He has held product management positions at RiskSense, WhiteHat Security (acquired by NTT Security), and RiskVision (acquired by Resolver, Inc.).