News | SwissSign
A data security specialist by Swiss Post

Main section


Validity periods of SSL certificates are becoming shorter and shorter

To protect websites and to ensure secure communication with servers, so-called SSL certificates are used. For many years the SSL certificates have been subject to the specific requirements of the CA Browser Forum, an internet standardisation group consisting of representatives of browser manufacturers (e.g. Microsoft, Google, Mozilla) and certificate providers, for example SwissSign.

The standards are now also being incorporated in the US norms (Webtrust) and EU norms (ETSI), according to which SwissSign is certified, too. In turn, compliance with the norms is demanded by the legislator so that a certificate provider is also accredited for the respective legislation.

The maximum validity period of SSL certificates today is three years. The CA Browser Forum has now decided to shorten the validity periods because shorter validity periods also mean more security. A few years ago, validity periods were still up to 5 years, but from March of next year these will be only 2 years for all SSL certificates, as is already the case today for the SSL EV certificate, the securest of the SSL certificates.

The trend is clear: according to the wishes of the browser manufacturers, certificate validity periods of 3 months or a maximum of one year will be the target. Since the main costs of a certificate today are for the application including the testing process and also the distribution and installation, these costs will, proportionally, have an increasingly great effect with shorter validity periods. Today certificate manufacturers already “reward” their customers with discounts for long validity periods because, proportionally, certification authorities also save on costs for the extensive testing process. 

Consequently, shorter validity periods must be connected with savings both with the application and testing of the certificates and also with the roll-out including installation.

To save costs, SwissSign offers Managed PKI with SSL certificates and auto-enrollment. After a one-off testing process, the customer can obtain any certificate type around the clock in just a few mouse clicks. Thanks to a large partner portfolio of auto-enrollment solutions, it is even possible to automatically request and distribute certificates via automated interfaces according to the internet standard and, in most cases, this can be done without installing any installation software on the individual devices. The “self-managed” certificate, so to speak: sit back and feel secure, regardless of the validity periods.

What does this mean for you as a SwissSign customer?

Please note that an issuing of 3-year certificates is only possible until February, 28th 2018. Therefore, please submit your complete certificate request by February, 15th 2018 at the latest. After this date license codes for 3-year certificates can only be redeemed for certificates with a validity of 2 years. A refund will not be given. We follow the new rules of the CA Browser Forum.

Regardless of whether you purchase SSL certificates individually in the web shop or as part of an MPKI solution we will be happy to provide you with personal advice. The easiest way to reach us is via the contact form.