As per CA/B rules, all SSL certificates will be issued after March 1,2018 for only 2 years validity. This new rules have surged an opportunity for certificate authorities to revaluate all certificates with better security prospective and validation of required documents in near future. The rule is specified in ballot 193.
This new validity is not applicable for those certificates, which are already issued earlier with 3-year validity. Once 3 yr validity will be over, they need to go for 2 yr. validity certificate. If we talk about domain validation and organization validation then the validity will be reduced to 825 days (27 months) while Extended Validation SSL is already having 2 yr. validity. Even code signing certificates will be limited to 2 yr validity.
In case, if you have 1 yr. SSL certificate then this rules will not bind you. The new rule is to protect customers from vulnerabilities and take more control on directive compliance as well implement more advanced encryption technology. Customers who want to enjoy 3 yr. validity; they should go to vendor/direct authority before March 2018 and they can then enjoy 3 yr. validity that will be valid up to June 2020.
Reducing certificate validity to 2 yr. can help in removing old and outdated vulnerable certificates, which were issued before this guideline. Let say, if there is 3 yr. validity remains, then any changes made by the CA/B forum will not be fully implemented to certificates, until they expire. It also creates issues to certificate’s ecosystem.
Before this amendment, Google proposed to reduce certificate validity to only 13 months, but browser authorities and CAs have opposed it.
The proposal has been projected by Chris Bailey of Entrust Datacard and authorized by the CA/B Forum member legislative body Robin Alden of Comodo, Ben Wilson of DigiCert, and Doug Beattie of Global Sign.