picture of tbs certificates
picture of tbs certificates
Our products range

20191121 - SSL multi-year plans

In November 2019, TBS adds SSL plans to its catalog. It is a reaction to the 2018 CA/B Forum decision to limit the SSL certificates validity to 2 years and then to the Apple decision to limit to 1 year the SSL certificates lifetime on Safari from 2020.

What are multi-year plans?

During your orders deposit you may be proposed certificates for 2, 3, 4, 5 and 6 years.

The issuance of certificates valid more than 397 years (1 year and 1 month) being impossible, the certificates will then have to be reissued to reach the 2, 3, 4, 5 or 6 attended years.

To be clear: For a 3 years plan, the first issued certificate will have a validity of 1 year and 1 month. You will then be able to reissue it to "extend" its validity period as many times as needed to reach the plan end date.

2 examples:

The specificities of reissue in the context of a package deal

A reissue as part of a package will result in the creation of a new certificate with a new expiration date. Each reissue will result in the delivery of a valid certificate:

  • 397 days if the expiration date of the certificate is lower or equal to the plan expiration date
  • the number of days left until the expiration day of the plan

La procédure est la même que pour une refabrication classique : tout se passe sur la page statut du certificat. Le bouton "Demander la refabrication du certificat" vous mène au formulaire de refabrication.

How to track reissues ?

As for a classic certificate expiration, reminder emails will be sent to you 28 days before the expiration of the certificate to be reissued.

If you have a Certificate Center those certificates are also listed in the "Operations > Recommended reissuance" section. For each certificate is indicated the date from which the certificate will have to be reissued.

Finally, the status page displayed the information as well whether the certificate is attached to a Certificate Center or not.

You forgot to reissue your certificate and it has expired?

No problem. It is possible to request the reissue of an expired certificate within the context of the multi-year package and this, until the expiration date of the package.

What are the concerned certificates?

Multi-year plans are available for PositiveSSL (FreeDV excepted) and Sectigo, TBS X509, DigiCert, Thawte and Geotrust server certificates.

What is the procedure for a reissue as part of a package?

As explained above, the deposit for reissue is not automatic. You will have to apply for it. Then, only the DCV will have to be revalidated.

Customer accounts: extended features

Recommended reissuance

If you have currently valid "plan" certificates then a new section is available in the "Operation" menu: "Recommended reissuance".

It lists all your "plan" certificates and sort them by reissuance period.

Automatic reissuance

From this page, it is also possible to activate automatic reissuance for all or some of your certificates. To do so, put "Activate automatic reissue" to "Yes" for the wanted certificates and click on the "Save" button at the bottom of the page.

Warning: automatic reissuance is only available for certificates installed on server authorizing re-signature and the re-use of the CSR. For the others a manual operation will be required.

You can also deactivate the automatic reissuance by putting "Activate automatic reissue" to "No" for the wanted certificates and clicking on the "Save" button at the bottom of the page.

Useful links