Alexa metrics
Live Chat

Welcome to UKFast, do you have a question? Our hosting experts have the answers.

Chat Now
Sarah UKFast | Account Manager

SSL/TLS certificate validity update

13 August 2020 by Laura Valentine

SecurityEarlier this year at the CA/Browser forum Spring event, Apple announced that from September 1st the validity period for public SSL/TLS certificates would reduce from 2 years to 398 days. With this sentiment echoed by Google at the CA/Browser Summer event in June, it is now an industry-wide mandate 

Why has the certificate lifetime been reduced? 

Historically, the lifetimes of certificates have often been debated at these forums, with the arguments in support of shorter periods of validity grounded in security concerns. Amongst the benefits of shorter lifetimes is agility in reacting to any certificate-related threats. With certificates valid for shorter periods, theres a more limited timeframe for attackers to find and exploit a vulnerability.  

A successful attack that leads to a certificate being compromised can be particularly dangerous, providing a threat-actor with a greater level of network access than other routes. By replacing the certificate more regularly, the risk of a successful attack is greatly reduced.   

A shorter lifetime also means that any changes within the organisation are more easily managed – such as updates to company names, addresses and domains 

What happens on September 1st? 

Any two-year SSL/TLS certificates issued before 12:00am UTC on August 31st 2020 will remain valid for up to 825 days. 

From September 1st browsers will distrust any SSL/TLS certificates created from that date onwards which have a lifespan of more than 398 days. Depending on the browser this will either cause the connection to the website to fail, display as untrusted or present an error.  

Many providers will no longer offer two-year public TLS certificates moving forward, to limit the effects of this industry-wide mandate.  

What do UKFast customers need to know? 

To ensure that our customers are not affected by these changes, from Tuesday 18th August we will remove the ability to purchase certificates valid for more than one year from MyUKFastThis means that when you log into the portal you will notice that only SSL/TLS certificates valid for up to 398 days are available.  

Any two-year SSL/TLS certificates issued before 12:00am UTC on August 31st 2020 will remain valid for up to 825 days.  

This new requirement only applies to public SSL/TLS certificates purchased via MyUKFast. Private-root and other types of certificates (code signing, S/MIME) are unaffected and will have the same maximum validity that they do today. 

Our UKFast experts are available 24/7 for any further information or support with your SSL/TLS certification.

CONTACT US