SSL certificate validity periods reduced to 1 year

Back in February of this year, Apple announced that as of September 1, 2020, its Safari browser will no longer trust newly registered SSL certificates with validity periods of two years. Two-year certificates registered up until August 31, 2020, will be trusted, but those registered on or after September 1, 2020, will not. To prevent incompatibility with specific browsers, HOSTKET will implement a one-year max on SSL certificates in our system, as of August 15, 2020. Below we provide a bit of background information behind this change.

Why are SSL/TLS validity periods being reduced to 1 year?

In the lead up to this change, there'd been for years an ongoing discussion in the Certificate Authority/Browser community around validity periods. On the one hand, shorter validity periods improve security by reducing the window of exposure if a certificate is compromised, and ensuring certificate holders are regularly updating their information (company name, address, active domains, etc). On the other hand, shorter validity periods mean more work for certificate users.

Just a few years ago, the maximum validity period was reduced from three to two. Back in August of 2019, ballot SC22, which proposed a further reduction to one year, failed to pass at the CA/Browser Forum (the industry's self-governing body). Apple then made the independent decision to enforce this new maximum as part of their "ongoing efforts to improve web security" for Safari users. And when one of the major browsers imposes a change, the industry accommodates.

How will this change SSL/TLS registrations on HOSTKET?

As of August 15, 2020, HOSTKET will only offer one-year validity periods for all our SSL certificates.