The maximum validity period (lifetime) of SSL / TLS certificates has varied a lot in recent years, and every time changes have been made, the validity period has become shorter.
Before 2011, the maximum lifetime of TLS certificates was between 8 and 10 years. After 2011, the CA/Browser Forum (Certification Authority Browser Forum) reduced it to 5 years.
Subsequently, in 2015, the maximum TLS validity period was reduced to 3 years, and in 2018 it reached a maximum of 2 years.
Validity period of TLS / SSL certificates in 2023
In the September 2019 poll, the proposal to limit validity to 1 year was rejected, despite the vehement support of Google, Apple, Microsoft, Mozilla and Opera. However, in February 2020, Apple announced that starting September 1, 2020, it would reject new TLS certificates valid for more than 398 days. Apple's decision was quickly adopted by Google, Mozilla and Microsoft.
Certificates issued before the date this decision took effect, and "root" certificates of type "CA", are not affected by this change even if their validity exceeds 398 days. When they are renewed, the maximum period must conform to the new requirements.
"Connections to TLS servers that violate these new requirements will fail," Apple said in a support document. In other words, a non-compliant TLS certificate will prevent applications, email servers or websites from working on systems and applications developed by Apple.
In turn, Google announced that it will flag certificates that do not fall within the new validity limit with the error code "ERR_CERT_VALIDITY_TOO_LONG" and will treat them as mis-issued.
SSL service providers started in the summer of 2022 to withdraw the packages with a validity period of 2 years, to avoid unpleasant surprises. New certificates are issued with a maximum period of 397 days, as recommended by Apple.
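The 398-day rule described above can be checked from a certificate's notBefore and notAfter dates. The following Python code is an added example, not code from Apple, Google or the original article; the function names, the is_root_ca parameter, the 00:00 UTC cutoff time and the sample dates are assumptions made for illustration.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Limit and start date as stated in the article; the 00:00 UTC time is an assumption.
MAX_VALIDITY = timedelta(days=398)
CUTOFF = datetime(2020, 9, 1, tzinfo=timezone.utc)


def parse_cert_time(value):
    """Parse the 'Sep  1 00:00:00 2020 GMT' form used in certificate dumps."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)


def check_validity(cert, is_root_ca=False):
    """Return (status, validity_days) for a dict with notBefore / notAfter."""
    not_before = parse_cert_time(cert["notBefore"])
    not_after = parse_cert_time(cert["notAfter"])
    if not_after <= not_before:
        raise ValueError("notAfter must be later than notBefore")
    lifetime = not_after - not_before
    days = lifetime / timedelta(days=1)
    if is_root_ca:                      # root CA certificates are not affected
        return "exempt: root CA", days
    if not_before < CUTOFF:             # issued before the rule took effect
        return "exempt: issued before cutoff", days
    if lifetime > MAX_VALIDITY:         # Google's error code quoted in the article
        return "ERR_CERT_VALIDITY_TOO_LONG", days
    return "ok", days


# Constructed sample dates, not taken from real certificates.
SAMPLES = {
    "legacy-2y": {"notBefore": "Aug 31 23:59:59 2020 GMT", "notAfter": "Aug 31 23:59:59 2022 GMT"},
    "new-2y": {"notBefore": "Sep  1 00:00:00 2020 GMT", "notAfter": "Sep  1 00:00:00 2022 GMT"},
    "new-397d": {"notBefore": "Mar  1 00:00:00 2023 GMT", "notAfter": "Apr  1 00:00:00 2024 GMT"},
    "new-398d-plus-1s": {"notBefore": "Mar  1 00:00:00 2023 GMT", "notAfter": "Apr  2 00:00:01 2024 GMT"},
}


def audit(inventory):
    """Map each certificate name to its status."""
    return {name: check_validity(cert)[0] for name, cert in inventory.items()}


if __name__ == "__main__":
    for name, status in audit(SAMPLES).items():
        print(f"{name:18} {status}")
```

The dictionaries use the same notBefore / notAfter shape that Python's ssl.SSLSocket.getpeercert() returns, so check_validity can also be fed from a live connection.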
The decision to limit the lifetime of an SSL / TLS certificate was taken for online security reasons. The shorter the validity period of a certificate, the lower the risk that it keeps working for a long time after it has been compromised.
There are currently web addresses (websites) that, although they have valid SSL / TLS certificates, are dangerous to visitors. They contain malware, adware or phishing programs. They remain marked as "safe" until the moment the SSL certificate has to be renewed.
The situation is even worse for smartphone users who use Firefox or Chrome to browse web pages. For performance reasons, Chrome and Firefox for mobile do not check SSL certificates in real time. Thus, users can access web pages whose certificates have been revoked, without being warned.