Great news to the SSL market! Now, Sectigo SSL certificates are available for up to 5-year Subscription Plans. Digicert, GeoTrust, Thawte and RapidSSL certs available up to 3-years. For security reasons, your certificate will initially be issued with a maximum of 13 months of validity. Before the expiration, we will contact you to replace your certificate with another maximum duration certificate.
You can reissue your certificate at any time and as many times as you like. No more lost days or weeks on single-year certificates trying to time a new purchase and re-submission.
Industry changes
At the CA/Browser (CA/B) Forum in Bratislava, Slovakia, Apple announced that beginning Sept. 1, newly issued publicly trusted TLS certificates are valid for no longer than 398 days. This followed a long history of the CA/B Forum community working to reduce certificate lifetimes and improve security while balancing the needs of business owners in transitioning to shorter validity certificates. Check the official statement and history.
When changes applies?
- Sectigo- starting at 19th August 2020
- GoGetSSL- starting at 19th August 2020
- DigiCert- starting at 27th August 2020
- All other CAs- starting at 1st September 2020
What is the TLS/SSL Multi-year Plan?
To help your customers embrace the benefits of shorter certificate lifetimes and make certificate management even easier, GoGetSSL is offering Multi-year Plan TLS/SSL certificates. This new type of multi-year coverage is a time-efficient and cost-effective way to help your customers improve their security by further reducing certificate outages and the hassle of managing shorter certificate lifecycles.
As browsers are mandating one-year certificate lifetimes, the Multi-year Plan coupled with automation tools saves you time—and money. Your customers can lock in longer coverage terms provided by the Multi-year Plan, while your cost goes down relative to the longer term lengths you sell.
How does it work?
When your customer purchases a TLS/SSL certificate with the Multi-year Plan, they’ll receive the initial certificate, valid for up to one year, and entitlement to unlimited certificate reissues during the order period—up to six years. We will need to routinely revalidate customer organizations and domains annually throughout the lifetime of the Multi-year Plan.
We would start sending replacement notifications before 30-21-14-7 days. The SSL will be replaced automatically using the same CSR before 3-days of expiration if users do not replace SSL on their own. Reissued SSL will be sent to the email.
Example of SSL subscription
There are four different dates now available for all multi-year SSL certificates.
- Subscription startsthe date when the first SSL was issued
- Subscription endsthe date when subscription ends and new orders needs to be created
- Valid Fromthe date when current active SSL was issued on
- Valid Tillthe date when SSL needs to be replaced in order to get new SSL for another 13-months
Why should partners offer the TLS Multi-year Plan?
When the Multi-Year Plan is combined with automation, your customers can minimize the risk of human error when managing shorter certificate lifecycles. With automation, you can automatically provision and reinstall certificates, and in most environments replace the CSR. Also, customers can easily adapt to any potential certificate lifetime reductions imposed by the industry in the future.
- Certificate renewals no longer require additional order periods added to the new certificate, because there is no more lost purchase period. The customer can get a new certificate from the day they need the certificate, until the day they want it to expire, within the service period. Due to Baseline Requirements of the CA/Browser Forum, re-validation is necessary at certain certificate intervals to maintain compliance.
- Multi-year Plan helps your customers efficiently embrace the security benefits of shortened certificate lifecycles and ensures they remain loyal to your brand for many years. Although certificate validation must be renewed annually, certificates can be replaced daily to improve the security posture of any organization.
Benefits of the Multi-year Plan for you and your customers
- Minimized risk of compromised certificates;
- Minimizes the risk of using weak keys (example SHA1);
- Ensures yearly validation of identity to prevent potential fraud and spoofing;
- Easier management of certificates with automation;
- Using the Multi-year Plan provides more billing flexibility for you with your customers, and allows you to secure more revenue up front, while locking in your customers for longer terms;
- Improve your average selling price (ASP) on certificate deals by selling longer term lengths.
Talking points to promote the Multi-year Plan
- Streamlined: Remove the hassle of annual billing by taking advantage of the Multi-year Plan.
- Customizable: Secure your site with coverage for longer periods of time.
- Secure: The Multi-year Plan allows you to embrace the best practice of shorter TLS certificate lifecycles by minimizing the risk of compromised certificates and changing out weak keys regularly, thus improving the security posture of your web pages.
- Future-proof: By taking advantage of Multi-year Plan options you also protect yourself from further reduction to certificate lifecycles imposed by the industry.
