As of March 9th Symantec will only sell a maximum of 3-year OV (Organization Validated) and DV (Domain Validated) SSL Certificates. Maximum Validity of SSL Certificates Reduced to 3 Years. This restriction applies to new certificate issuance as well as renewals. Effective April 1, 2015, the CA/B Forum is reducing the maximum validity of OV and DV SSL certificates to 39 months in order to increase SSL/TLS security. Under these guidelines, no CA’s or their partners should offer greater than 3-year validity term OV/DV SSL certificates effective April 1, 2015.

This restriction applies to new certificates and any re-issues. If you need to re-issue your SSL certificate after 1 April 2015 the re-issued certificate will have a maximum validity of 39 months. Acmetek will stop selling 4 year SSL certificates on 9th March 2015.


If the maximum validity is 3 years why is the restriction 39 months?

No we haven’t got the math wrong. When renewing a certificate you can receive up to a maximum of 3 months additional validity added to your certificate depending on the remaining time on your current certificate. If you renew early enough you will get a certificate valid for 39 months.

Can I still purchase 4 year SSL Certificates?

You can purchase 4 year certificates up to 31 March 2015. After this date the maximum duration will be 3 years. Please also refer to the next question.

Can I re-issue a 4 year SSL certificate?

All certificates come with unlimited re-issues. However if you re-issue your certificate after 1 April 2015 and it has more than 39 months remaining then the validity will be truncated to 39 months. If you have 4 year certificates ensure you back-up the keys to prevent the need to re-issue and losing any validity period over 39 months.

Can I re-issue a certificate that is older than 39 months?

The CAB Forum has also stated that the 39 month restriction applies to vetted data. This means if you order a 4 year certificate you will only be able to re-issue it during the first 39 months (and with a validity period of no more than 39 months).

What is the maximum validity period for EV certificates?

This remains at 27 months. 24 months plus up to 3 months extra for early renewals.

Where can I find out more information about the CAB Forum Guidelines?

For the current CA/Browser Baseline Requirements v1.2.3 (16 October 2014). Specifically see Section 9.4 for validity period changes.
For all SSL Support/Inquiries, please contact us @: websitesecurity@acmetek.com

LoadingAdd to favorites

About SSLSupportDesk:

SSLSupportDesk is part of Acmetek who is a trusted advisor of security solutions and services. They provide comprehensive security solutions that include Encryption & Authentication (SSL), Endpoint Protection, Multi-factor Authentication, PKI/Digital Signing Certificates, DDOS, WAF and Malware Removal. If you are looking for security look no further. Acmetek has it all covered!

Contact an SSL Specialist to get a consultation on the Website Security Solutions that can fit your needs.

Become a Partner and create additional revenue stream while the heavy lifting for you.

About The Author