When you purchase an SSL Certificate from Trustico® you are purchasing a license to secure your website or service for the validity period you have selected. Whether you choose a one-year, two-year, or multi-year subscription, your license entitles you to SSL Certificate coverage for that entire duration.
Trustico® automatically issues SSL Certificates for the maximum allowable validity period permitted by industry regulations. Your SSL Certificate will be issued with the longest validity currently permitted, and you simply obtain replacement SSL Certificates as needed throughout your license period at no additional cost.
Maximum Validity Periods
The maximum validity period for publicly trusted SSL Certificates is set by the Certificate Authority / Browser Forum (CA/Browser Forum), the industry body that governs SSL Certificate issuance standards. This maximum validity period is subject to change as the industry evolves its security requirements.
Currently, the maximum validity period is approximately 398 days. This means that during a multi-year license, you will need to obtain replacement SSL Certificates periodically to maintain continuous coverage.
When you reissue your SSL Certificate, the replacement is issued for the maximum allowable period or the remainder of your license, whichever is shorter. This ensures you always receive the longest possible validity for each SSL Certificate issued under your license.
Why Periodic Revalidation Exists
The requirement to periodically revalidate SSL Certificates exists to protect website visitors, businesses, and the integrity of the entire SSL Certificate ecosystem. Several important factors drive this industry-standard practice.
Confirming Continued Domain Ownership
Domain names can change ownership at any time. A business may sell its domain, a domain registration may lapse, or ownership may transfer for various reasons. Periodic revalidation confirms that the entity requesting the SSL Certificate still legitimately controls the domain name.
Without regular verification, an SSL Certificate could continue to be used by someone who no longer has any right to represent that domain. This would undermine the trust that SSL Certificates are designed to provide.
Verifying the Right to Conduct Business
For Organisation Validated (OV) and Extended Validation (EV) SSL Certificates, the Certificate Authority (CA) verifies that the organisation exists and is legitimately conducting business. Companies can cease trading, be dissolved, or have their right to operate revoked.
Periodic revalidation ensures that SSL Certificates displaying organisation information are only held by entities that continue to have a legitimate right to conduct business under that name.
Preventing Fraud and Misrepresentation
SSL Certificates establish trust between websites and their visitors. If a business is sold, the new owners may operate under completely different standards or even engage in fraudulent activity.
Regular revalidation provides an opportunity to verify that the current operators of a website are who they claim to be. This helps prevent SSL Certificates from being used to lend credibility to fraudulent operations.
Maintaining Good Business Practices
The periodic revalidation requirement reflects broader principles of good business practice. Just as professional licenses, certifications, and regulatory approvals require periodic renewal, SSL Certificates require regular confirmation that the holder continues to meet issuance requirements.
This ongoing verification maintains the value and trustworthiness of SSL Certificates as indicators of legitimate, verified online operations.
Monitoring Your SSL Certificate
Customers are responsible for monitoring their SSL Certificate expiry dates and ensuring timely reissuance to maintain continuous coverage. There are several methods available to assist with this important administrative task.
Many web servers, hosting control panels, and infrastructure management tools include built-in SSL Certificate monitoring features that can alert you when expiry approaches. Dedicated SSL Certificate monitoring software is also available and can track multiple SSL Certificates across your infrastructure.
For simpler setups, calendar reminders provide an effective way to ensure you do not miss reissuance deadlines. The Trustico® tracking system provides downloadable calendar files for both your SSL Certificate expiry date and your license expiry date, making it easy to add these important dates to your preferred calendar application.
Trustico® also offers a monitoring service that continuously checks your SSL Certificate status and can alert you to upcoming expiry or configuration issues. Explore Our SSL Certificate Monitoring Service 🔗
The Reissuance Process
Obtaining your replacement SSL Certificate is a largely automated process. When your current SSL Certificate approaches its maximum validity, you can complete reissuance through the tracking system.
The process involves completing Domain Control Validation (DCV) to confirm your continued control of the domain name. For most customers, this can be completed in minutes using automated validation methods such as e-mail, file-based authentication, or Domain Name System (DNS) records.
For Organisation Validated (OV) and Extended Validation (EV) SSL Certificates, organisation verification may also be required. However, previously verified organisation details are often retained by the Certificate Authority (CA), streamlining subsequent validations.
Reissue At Any Time
You are not required to wait until your current SSL Certificate approaches expiry to obtain a replacement. You may reissue your SSL Certificate at any time during your license period for any reason.
Common reasons for reissuing include generating new cryptographic keys, changing your Certificate Signing Request (CSR) details, moving to a new server, or simply preferring to align your SSL Certificate expiry with other administrative schedules.
Each time you reissue, your replacement SSL Certificate is automatically issued with the maximum allowable validity period, up to the remaining balance of your license. This flexibility ensures you always have access to a current, fully valid SSL Certificate whenever you need it.
Trustico® provides comprehensive tracking tools that display your SSL Certificate status, license expiry date, and validation requirements.
You may complete Domain Control Validation (DCV) via e-mail, file-based authentication, or Domain Name System (DNS) record methods depending on your preference. Discover The Validation Procedure 🔗
Security Benefits
Each time you obtain a replacement SSL Certificate, you have the opportunity to generate a new Certificate Signing Request (CSR) and corresponding Private Key. Generating fresh cryptographic keys at regular intervals is a security best practice that reduces risk associated with potential key compromise.
Trustico® offers the AutoCSR service which automatically generates your Certificate Signing Request (CSR) and securely stores your Private Key within your customer account. Learn About Certificate Signing Requests (CSR) 🔗
Your License Entitlement
Your SSL Certificate license from Trustico® provides complete coverage for your selected validity period. A two-year license means two years of SSL Certificate protection, and a three-year license means three years of protection.
The periodic reissuance requirement does not reduce your entitlement in any way. You are simply installing updated SSL Certificates during your license period rather than having a single SSL Certificate file that remains unchanged.
This licensing model applies universally across the SSL Certificate industry. All Certificate Authorities (CAs) and SSL Certificate providers operate under the same CA/Browser Forum regulations governing maximum validity periods.
Multiple SSL Certificates
It is technically possible to hold multiple SSL Certificate licenses for the same Fully Qualified Domain Name (FQDN) or website. There is no restriction preventing you from purchasing additional SSL Certificates for a domain that already has active coverage.
However, Trustico® recommends maintaining a single SSL Certificate license per Fully Qualified Domain Name (FQDN) for ease of use and simplified management. Managing multiple overlapping licenses for the same domain can create confusion regarding expiry dates, reissuance schedules, and which SSL Certificate is currently installed.
If you already have an active SSL Certificate license and require a new SSL Certificate, the recommended approach is to reissue your existing license rather than purchasing a new one. Reissuance provides you with a fresh SSL Certificate at no additional cost, issued for the maximum allowable validity up to your remaining license period.
Purchasing Additional Licenses
Customers who choose to purchase additional SSL Certificate licenses for a Fully Qualified Domain Name (FQDN) that already has active coverage are welcome to do so. This is a normal transaction and some customers prefer to maintain multiple licenses for operational reasons.
Please be aware that each SSL Certificate license purchase is a separate chargeable transaction. Trustico® is unable to offer refunds for subsequent SSL Certificate purchases made for a domain that already has active coverage.
Before purchasing a new SSL Certificate, we encourage you to check your existing orders in the tracking system to determine whether reissuance of an existing license would meet your requirements. Explore Our Refund Policy 🔗
For customers who prefer fully automated management, Trustico® offers Certificate as a Service (CaaS) which handles the entire SSL Certificate lifecycle including automatic reissuance without manual intervention. Learn About Certificate as a Service (CaaS) 🔗
Further Information
Trustico® has published a comprehensive guide covering SSL Certificate validity periods, the history of maximum validity changes, and detailed information about multi-year licensing options.
If you have questions about your SSL Certificate license, upcoming reissuance requirements, or the replacement process, the Trustico® support team is available to assist. View Our Support Resources 🔗
