Partner Blog 04-04-2018

How To Reissue 3-Year Certificates Without Losing Lifetime

Tobias Zatti

Due to CAB forum baseline requirements, we are no longer able to issue certificates with a lifetime of more than 825 days (or 27 months).

Technically speaking, our systems don't process a "reissue" order any differently than issuing a new certificate. So, afterFebruary 21, 2018, when you reissue your 3-year certificate, our system will automatically truncate your certificate lifetime to 825 days or until the original expiration date, whichever is less. Naturally, you may be concerned about losing certificate lifetime when you reissue and we understand.

We've provided an example below to help you understand how to get the maximum lifetime of your 3-year certificates.

Here's an example and graphic:

  1. On January 1, 2018, we issued your 3-year multi-domain certificate—this is the "original" certificate. This certificate has a maximum validity of 39 months and expires on January 1, 2021.
  2. On March 1, 2018, you reissue the certificate.

    This reissued certificate has a maximum validity of 825 days (approximately 27 months) and expires on July 4, 2020.

  3. On June 20, 2018, you reissue the certificate.

    This reissued certificate has a maximum validity of 713 days and still expires on July 4, 2020.

  4. On October 1,2018, you reissue the certificate again.

    This date is within 825 days of the "original" certificate expiration date. Therefore, the reissued certificate will now have the same expiration date as the “original” certificate, expiring on January 1, 2021, giving you the full certificate lifetime.

  5. On February 10, 2019, you reissue the certificate again.

    This reissued certificate again has the same expiration date as the “original” certificate and the expiration date stays on January 1, 2021.

I hope this clarifies the process and gives you and your customers more clarity around this industry guideline change and how we handle it.

UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

07-03-2024

What is a CA’s Role in delivering digital trust?

11-11-2024

FIPS 140-3 certification unlocked for TrustCore SDK

10-31-2024

Announcing the GA release of Device Trust Manager