sslsd-logo
sslsd-logo

CA|B Forum Passes Ballot 193 – Deprecation of 3 Year SSL Certificates

Cab forumThe CAB Forum (CA Forum) is the governing body that moves the security of the internet with SSL Certificates. The CA/Browser Forum began in 2005 as part of an effort among certification authorities and browser software vendors to provide greater assurance to Internet users about the web sites they visit by leveraging the capabilities of SSL/TLS certificates. The Ballots they pass together are geared to propelling the internet into a more safer environment.

What was passed in Ballot 193?

  1. Maximum SSL validity period will be restricted to 2 year (825 days / 27 months) effective March 1, 2018.
  2. Authentication domain and organization vetting will only be valid for 27 months effective April 22, 2017

What does this mean?

  • Eventually there will be no more 3 year option for SSL/TLS Certificate enrollments.
  • Some CA’s will be proactive and not wait until the March 1 2018 to stop issuing 3 year certificates.
  • Network Administrators will have to visit there server systems more often.
  • Some browsers may enforce this validity by throwing up errors or warnings if a certificate has a validity of over 3 years. Although the CA Forum states this applies to only new and reissued certificates after March 1st 2018. Chrome for example, likes to enforce things thinking they own the internet outside the Migration Standards of the CA Forum.

Since the technical validity of a certificate after the date of March 1, 2018 can only have a 27 month / 825 day lifespan if for whatever reason a reissue is needed the certificate may have time removed from their certificate.
Example: If an Admin gets a new/renewed 3 year certificate on February 29th 2018 and needs to perform a reissue due to a technical matter we could see a certificate cut to 27 months instead of 37 months.

Recommendations:

  • Plan ahead and consider already getting a two year certificate.
  • If you still want to get a 3 year certificate give yourself enough time (a couple of months) to enroll and install your SSL Certificate. Certificates issued before March 1, 2018 will be grandfathered in but a new or reissued certificate will have to meet this standard regardless of time on initial certificate.

To keep up with the progress of technology the CA/Browser Forum is always coming up with new industry standards. These standards guide and move the internet to a more safer and secure environment for its users. Information regarding the CA/B Forum on is always made publically available at cabforum.org

Posted by:
Dominic Rafael
Senior Lead IT Engineer
Be sure to Subscribe!!

Recent Posts

S/MIME for Outlook O365 Windows

August 14, 2023

Add to Favorites S/MIME Advantages of S/MIME Certificates S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates offer several advantages when it comes to securing email communications. Here

Read More »

Abbreviations

May 22, 2023

Add to Favorites There are literally thousands of IT abbreviations out there. Many are concerned with the technical aspects of the computer, while others deal

Read More »

SSL Installation on Qmail

June 3, 2021

Add to Favorites SSL Installation on Qmail Qmail is a secure, reliable, efficient, simple message transfer agent. It is designed for typical Internet-connected UNIX hosts.

Read More »

Choose your SSL Plan

Basic Security Plan

Standard Security Plan

Enhanced Security Plan

Quick Support

About Us

CSR Generation Instructions

SSL Installation Instructions

SSL Glossary

SSL Brands

DigiCert SSL Certificates

GeoTrust SSL Certificates

Thawte SSL Certificates

RapidSSL Certificates

Sign up for Article Updates

Get latest updates related to PKI, SSL and Digital Security Delivered Directly to your inbox.

Facebook-f Linkedin-in Twitter
© 2024 Acmetek All Right Reserved. Legal Terms of Use | Privacy Policy