Starting on March 1, 2018 you will no longer be able to purchase 3-year SSL certificates. This wasn\u2019t our decision, it was made by the CA\/Browser forum<\/a>.<\/p>\n If you\u2019ve never heard of the CA\/B Forum before, that\u2019s OK. Not many people have. It serves as the de facto regulatory body for digital certificates. That sounds a whole lot cooler than it really is. In reality, 95% of the time it\u2019s just a bunch of nerds arguing about by-laws. Occasionally they meet in person, which leaves whatever conference space they\u2019re in smelling like condescension and Clearasil.<\/p>\n But the other 5% of the time they make decisions that affect the entire industry. Like continuing to shorten the maximum validity period for SSL certificates<\/strong>. There was a time, back when the SSL industry was like the Wild West [Editor\u2019s Note: Sorry, Carl has been on a Cowboy kick lately] that you could even get a five-year certificate.<\/p>\n But certificate lifespan is actually one of the only places where, in terms of size mattering, shorter is better.<\/p>\n Technology changes frequently, it\u2019s always advancing. So having a five or even a three-year certificate means you\u2019re going to be going 3-5 years between updating your ciphers with stronger encryption. Case in point, a five-year-old certificate would still be using SHA-1. SHA-1 <\/a><\/strong>was deprecated a couple of years ago and then last year Google spent considerable resources to create <\/strong>a SHA-1 collision<\/strong>, which underscored the need to move to SHA-2.<\/p>\n With a three year certificate, some users would be going three years between updates. That\u2019s never a good idea.<\/p>\n Beyond that, certificate authorities need to re-validate you regularly, this is so you can continue to be trusted. It\u2019s not unlike how you occasionally have to back to the DMV to update the information on your driver\u2019s license. Or at least you\u2019re supposed to.<\/p>\n At any rate, your validation information is only good for 825 days. If it\u2019s been longer than that you\u2019ll have to pass validation again.<\/p>\n Ok, here goes:<\/p>\n Stay cautious, my friends.<\/p>\n","protected":false},"excerpt":{"rendered":"Why Are Shorter SSL Certificate Validity Periods Better?<\/h2>\n
Explain this to me like I\u2019m five, Carl<\/h2>\n
\n