Education Center

What is the Maximum Validity Period of TLS/SSL Certificates?

TLS/SSL certificates cannot be issued for more than 13 months (397 days), as announced by popular browsers, like Google and Apple at CA/Browser Forum in March 2020. This has reduced the certificate validity period from three or two to just over a year. From a security standpoint, shrinking certificate validity is beneficial for two reasons primarily: 

  • Faster implementation of updates: Shorter validity period facilitates algorithm upgrades, and faster certificate and key replacements, especially during malicious cyber-attacks. The less time required to deploy changes and updates, the lower is the security risks. A longer certificate lifespan means it would take a long time to set up updates, for instance, the transition from SHA-1 to SHA-2 took almost three years, which increases security threats. 
  • Validating identity: The purpose of digital certificates, like TLS/SSL certificates, is to verify the identity of the website or website owner. A longer certificate lifespan means long expiration of validation, which fuels the exposure to security lapses. 

2023 EMA Report: SSL/TLS Certificate Security-Management and Expiration Challenges