20191121 - SSL yearly and multi-year plans
In November 2019, TBS adds SSL plans to its catalog. It is a reaction to the 2018 CA/B Forum decision to limit the SSL certificates validity to 2 years and then to the Apple decision to limit to 1 year the SSL certificates lifetime on Safari from 2020.
From 2026 onwards, further reductions will be introduced, reaching 47 days in 2029..
What are plans?
During your orders deposit you may be proposed certificates for 1 to 6 years.
However, the lifespan of the issued certificates must comply with the limitations in force, so they will need to be re-issued to reach the lifespan of the selected plan.
To be clear: : When purchasing a 2-year plan, the first certificate issued will be valid for 200 days if it is issued after March 15, 2026. A reissuance will then need to be requested upon its expiration. This process must be repeated as many times as necessary until the plan expires.
2 examples:
The specificities of reissue in the context of a plan
A reissue as part of a plan will result in the creation of a new certificate with a new expiration date. Each reissue will result in the delivery of a valid certificate:
- the maximum number of days allowed if the expiry date of the certificate is less than or equal to the expiry date of the plan
- the number of days left until the expiration day of the plan
La procédure est la même que pour une refabrication classique : tout se passe sur la page statut du certificat. Le bouton "Demander la refabrication du certificat" vous mène au formulaire de refabrication.
How to track reissues ?
As for a classic certificate expiration, reminder emails will be sent to you 28 days before the expiration of the certificate to be reissued.
If you have a Certificate Center those certificates are also listed in the "Operations > Recommended reissuance" section. For each certificate is indicated the date from which the certificate will have to be reissued.
Finally, the status page displayed the information as well whether the certificate is attached to a Certificate Center or not.
You forgot to reissue your certificate and it has expired?
No problem. It is possible to request the reissue of an expired certificate within the context of the plan and this, until the expiration date of the plan.
What are the concerned certificates?
Multi-year plans are available for PositiveSSL (FreeDV excepted) and Sectigo, TBS X509, DigiCert, Thawte, Geotrust and GlobalSign server certificates.
What is the procedure for a reissue as part of a plan?
As explained above, the deposit for reissue is not automatic. You will have to apply for it. Then, only the DCV will have to be revalidated.
Customer accounts: extended features
Recommended reissuance
If you have currently valid "plan" certificates then a new section is available in the "Operation" menu: "Recommended reissuance".
It lists all your "plan" certificates and sort them by reissuance period.
Automatic reissuance
From this page, it is also possible to activate automatic reissuance for all or some of your certificates. To do so, put "Activate automatic reissue" to "Yes" for the wanted certificates and click on the "Save" button at the bottom of the page.
You can also deactivate the automatic reissuance by putting "Activate automatic reissue" to "No" for the wanted certificates and clicking on the "Save" button at the bottom of the page.