In case you have not heard, if you have an SSL certificate that expires within the next month or if you purchase a new certificate, the maximum interval between renewing the certificate will be reduced to two years (plus a renewal interval). Why was this change made? The change was decided in the CA/B Forum. You can read what DigiCert published HERE.
Impact – How does this change actually affect the IT community/Corporations?
If you have a public facing server or any server internally that uses a SSL certificate from a Public CA, then after March 1, 2018, this will affect how you renew your certificate. Instead of having options to renew the certificate for a longer period such as 3, 4 or 5 years, you will instead be limited to a period of 825 days. This corresponds to two years and a few days buffer for renewing the certificate and replacing the certificate on the server.
Now, not every certificate will be affected. Some servers already have two-year certificates on them. So if you are accustomed to using two-year certificates, the you will simply get a few more days with which to renew your certificate. Your impact will be low. For those using longer certificates, then you will need to adjust your renewal process to 2 years (or 825 days).
Conclusion
Like the change from SHA-1 to SHA-2, the reduction in renewal period should help shore up the security expected in Public CA issues SSL certificates. By reducing the time to 825 days from 39 months, certificates have a smaller window in which they could be compromised and exploited. After March 1, 2018 (and earlier for some!) you will be restricted to two years or less for your renewal period. Keep this in mind the next time you need to renew a Public certificate.
A blog about PowerShell! … and Office 365
