Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
picture of tbs certificates
picture of tbs certificates
Our products range

20191121 - SSL multi-year plans

In November 2019, TBS adds SSL plans to its catalog. It is a reaction to the 2018 CA/B Forum decision to limit the SSL certificates validity to 2 years and then to the Apple decision to limit to 1 year the SSL certificates lifetime on Safari from 2020.

What are multi-year plans?

During your orders deposit you may be proposed certificates for 2, 3, 4, 5 and 6 years.

The issuance of certificates valid more than 397 years (1 year and 1 month) being impossible, the certificates will then have to be reissued to reach the 2, 3, 4, 5 or 6 attended years.

To be clear: For a 3 years plan, the first issued certificate will have a validity of 1 year and 1 month. You will then be able to reissue it to "extend" its validity period as many times as needed to reach the plan end date.

2 examples:

What about those reissuances?

They work the same way as a classic reissuance but the expiration date of the certificate is recalculated. Each reissuance will lead to the delivery of a certificate valid:

  • 397 days if the expiration date of the certificate is lower or equal to the plan expiration date
  • the number of days left until the expiration day of the plan

The procedure is the same than for a classic reissuance: everything happens on the certificate status page. The "Request the re-issue of the certificate" will lead you to the reissuance form.

How to follow-up on those reissuance?

Reminder e-mails are sent from 3 months before the certificate reissuance due date.

If you have a Certificate Center those certificates are also listed in the "Operations > Recommended reissuance" section. For each certificate is indicated the date from which the certificate will have to be reissued.

Finally, the status page displayed the information as well whether the certificate is attached to a Certificate Center or not.

You forgot to reissue you certificate that is now expired?

No problem. It is possible to reissue an expired certificate up to the day of the multi-year plan expiration.

What are the concerned certificates?

Multi-year plans are available for PositiveSSL (FreeDV excepted) and Sectigo, TBS X509, DigiCert, Thawte and Geotrust server certificates.

What is the procedure for such reissuances?

As explained above the reissuance order deposit is not automatic, you will have to request reissuance. Only the DCV will have to be validated.

Customer accounts: extended features

Recommended reissuance

If you have currently valid "plan" certificates then a new section is available in the "Operation" menu: "Recommended reissuance".

It lists all your "plan" certificates and sort them by reissuance period.

Automatic reissuance

From this page, it is also possible to activate automatic reissuance for all or some of your certificates. To do so, put "Activate automatic reissue" to "Yes" for the wanted certificates and click on the "Save" button at the bottom of the page.

Warning: automatic reissuance is only available for certificates installed on server authorizing re-signature and the re-use of the CSR. For the others a manual operation will be required.

You can also deactivate the automatic reissuance by putting "Activate automatic reissue" to "No" for the wanted certificates and clicking on the "Save" button at the bottom of the page.

Useful links