Skip to main content

TLS and SSL certificates will soon be valid for a maximum of 13 months

(Image credit: Image Credit: 377053 / Pixabay)

As of tomorrow, all TLS and SSL certificates (opens in new tab) will be valid for a maximum of 397 days (13 months), down from two years.

From September 1 onwards, all major browser and OS developers (Microsoft, Apple, Google, etc.) will consider two-year TLS/SSL certificates invalid, according to a Bleeping Computer (opens in new tab) report.

In short, this means if you still want to a certificate valid for two years, you had better purchase one today. Anyone that currently holds a TLS or SSL certificate valid for longer than 13 months need not worry – they will remain valid until their previously established expiry date.

Security professionals and browser developers have been advocating for a shorter lifespan for these certificates for a number of reasons, including greater security and the ability to ensure unauthorized users are not able to use them for too long.

The shorter certificate lifespace will also make for easier changes when security researchers find vulnerabilities in encryption algorithms and will prevent hosting providers or third parties from using a certificate long after a domain becomes inactive.

Despite resistance from certificate authorities (opens in new tab), Apple decided to proceed with the changes regardless - and Google and Mozilla quickly followed. As a result, certificate authorities were forced to agree and cut the best before date by almost half.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.