SSL certificates now have a one-year maximum length

SSL Secure Connection
(Bo-Yi Wu / Flickr)

As of August 19, you can no longer be able to request two-year SSL server certificates from ITS

Certificates will be valid up to one year

Sectigo, the company that makes these certificates available to the U-M community through InCommon, has stopped offering the two-year certificates and will only offer certificates that last up to one year (up to 398 days including a 30-day grace period).

An industry-wide change

This change is being made in preparation for an industry-wide change. Web browsers and devices from Apple, Google, and Mozilla will not trust any two-year certificate issued after August 30, 2020.

No action needed

  • Two-year certificates received from ITS will continue to be accepted by web browsers through the end of the certificate’s original lifetime. You do not need to renew any existing certificates early.
  • There are no changes to the maximum lifetime for code signing certificates.
  • Only SSL certificates requested from ITS after 5:00 p.m. on August 18 will be affected by the change from a two-year to a one-year maximum.