Page 1 of 1

SSL/TLS Certificates

Posted: Wed Oct 21, 2020 11:20 pm
by CC_Support
Just so everyone is aware, as we are still getting a few questions about it. SSL/TLS certificates for websites are no longer available with more than 1 year validity.
The industry, all browsers and OS', now regard a certificate issued after 1 September 2020, with a valid date of more than 365 days (plus a few) to be invalid for websites. This was done to address security issues. It is possible that a certificate that has been compromised could be used on a fake website to make people think they were on the real site. With longer validity there is a longer peiod of time for this to happen. The way that was used to record invalid certificates known as a Certificate Revocation List (CRL) was not used to good effect by all that needed to. It needed to be updated by all browsers and operating systems but not all did. By reducing the validity of the certificates it reduces the time frame a certificate can be used and therefore reduce the attack window.
This of course means that Web Masters will need to update their certificates more frequently.
If you use one of our FREE certificates then this is taken care of you, automatically. If you use one of our managed SSL certificates then we will take care of this for you. It is still a manual process if you use one of the stronger or more validated certificates. You can of course, buy your own certificate and do this yourself and if you are using our FREE Hosting, WordPress Hosting or our cPanel Hosting then the process is fairly easy to do. You can do it from the control panel in each.