From: "Lewis G Rosenthal" Received: from [50.73.8.217] (account lgrosenthal@2rosenthals.com HELO [192.168.200.24]) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTPSA id 2450419 for ecs-isp@2rosenthals.com; Thu, 14 May 2026 11:40:25 -0400 To: eCS-ISP Subject: SSL cert lifetime Organization: Rosenthal & Rosenthal, LLC Message-ID: <6A05ECEA.80507@2rosenthals.com> Date: Thu, 14 May 2026 11:40:26 -0400 User-Agent: Mozilla/5.0 (OS/2; Warp 4.5; rv:38.0) Gecko/20100101 Firefox/38.0 SeaMonkey/2.35 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Thought I'd share this bit of news from Starfield Tech regarding cert lifetimes. I am assuming this will pertain to all CAs over the next few years. 8<-------------------- snip -------------------->8 The entire SSL Industry is undergoing a requirement to shorten SSL/TLS validity duration from 398 days to 47 days. The first phase has started and validity is now 200 days. This will again change to 100 days by March 2027 and finally to 47 days by March 2029. What does this mean for you? Instead of re-installing your certificate 1x per year, that frequency will begin to increase. Starting later this year in approximately 180-200 days you'll need to repeat this action - and then again more frequently in 2027 through 2029. 8<-------------------- snip -------------------->8 Oh, joy. Further details are given in this "handy" article on their site: https://www.secureserver.net/help/why-are-ssl-certificate-validity-periods-changing-42816 The whole argument about shorter cert lives being more secure is a tough one for me, given the availability of OCSP stapling and other validation/revocation methods. Oh, well. -- Lewis ------------------------------------------------------------- Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA Rosenthal & Rosenthal, LLC www.2rosenthals.com visit my IT blog www.2rosenthals.net/wordpress -------------------------------------------------------------