Maximum SSL Certificate Validity

Monday, May 4, 2020

In short, maximum SSL certificate validity period is 2.2 years (in 2020). See below for more details.

By voting for Ballot 193, the CA/Browser Forum group have reduced the maximum lifetime for SSL certificates to 825 days or about 2.2 years.

Here’s an excerpt from the ballot:

Subscriber Certificates issued after March 1, 2018 MUST have a Validity Period no greater than 825 days.

One of the reasons behind this decision is that longer certificate validity periods can delay compliance with new guidelines. It should also help reduce the presence of older and possibly vulnerable certificates.

What is CA/Browser Forum?

The CA/Browser Forum is a voluntary consortium of certification authorities, vendors of browser software, operating systems, and other PKI-enabled applications that promulgates industry guidelines governing the issuance and management of X.509 v.3 digital certificates that chain to a trust anchor embedded in such applications. Its guidelines cover certificates used for the SSL/TLS protocol and code signing, as well as system and network security of certificate authorities.

Current State of SSL/TLS Support