Effective April 1st, 2015, the CA/B Forum is reducing the maximum validity of OV (Organization-Validated) and DV (Domain-Validated) SSL Certificates to 36 months in order to increase SSL/TLS security. Under these guidelines, no CA or their partners should offer OV/DV SSL Certificates with a term of validity greater than 3 years. As of March 9th, 2015, Symantec will only sell OV and DV SSL Certificates with a maximum validity of 3 years. This restriction applies to new certificate issuance as well as renewals. Beginning April 1st, 2015, if you need to reissue your SSL Certificate, the maximum validity allowed will be 36 months.
If the maximum validity is 3 years, then why is the restriction 39 months? When renewing a certificate you can receive up to a maximum of 3 months additional validity for your certificate depending on the time remaining before your certificate expires. Early renewal may allow for a 39 month validation.
Can I still purchase 4 year SSL Certificates? You can purchase 4 year certificates up to March 9th, 2015. After this date, the maximum duration will be 3 years.
Can I reissue a 4 year SSL certificate? All certificates come with unlimited reissues/replacements. However, if you reissue your certificate after April 1st, 2015, and it has more than 39 months remaining, then the validity will be truncated to 39 months. If you have 4 year certificates, ensure you backup the keys to prevent the need to reissue or lose any validity period over 39 months.
Can I reissue a certificate that is older than 39 months? The CA/B Forum has also stated that the 39 month restriction applies to vetted data. This means if you order a 4 year certificate, you will only be able to reissue/replace it during the first 39 months (and with a validity period of no more than 39 months). SSL Certificates are to be restricted to 3 Year Validity from April 1st, 2015.
What is the maximum validity period for EV certificates? This remains at 27 months; 24 months plus up to 3 months extra for early renewals.
Where can I find out more information about the CA/B Forum Guidelines? For the current CA/Browser Baseline Requirements, please visit https://cabforum.org/documents/ (see Section 9.4 in Baseline Requirements for validity period changes).
Please contact CertCenter with any questions