Managing Short SSL Certificate Validity

Shorter SSL Certificate validity periods are coming, and Trustico® is building the tools to make the transition effortless. Whether you manage one SSL Certificate or thousands, the solutions outlined on this page are designed to keep you ahead of every expiry date without adding complexity to your workflow.

This page will be updated as each tool becomes available. Bookmark it and check back for the latest developments.

Why Shorter Validity Periods Require Better Tools

The CA/Browser Forum has approved a phased reduction in SSL Certificate validity periods. Maximum validity will reduce to 200 days, then 100 days, and eventually 47 days by 2029. These changes mean SSL Certificates will need to be reissued more frequently throughout the life of your license.

When you purchase an SSL Certificate from Trustico® you are buying a license for a set period. During that license, you can reissue your SSL Certificate as many times as needed. The reissue process itself is not changing. The only difference is that you will need to do it more often.

This is exactly why Trustico® is investing in new tools now. More frequent reissues demand better automation, clearer visibility, and proactive notifications so that nothing falls through the cracks.

The Trustico® Tracking System

The Trustico® tracking system at tracking.trustico.com is the foundation that all of these new tools are built upon. It already allows customers and partners to manage reissues, check SSL Certificate status, and view license validity dates. Learn About The Trustico® Tracking System 🔗

Everything you can do through the tracking portal today will continue to work exactly as it always has. The tools described below are expansions of this system, giving you more ways to access the same functionality.

Tools in Development

Trustico® is actively developing a suite of tools that extend the tracking system to meet the demands of shorter validity periods. Each tool addresses a specific need, from programmatic automation to proactive alerting.

Tracking Application Programming Interface (API)

The most significant addition is a dedicated Application Programming Interface (API) that will be available to both customers and partners. This Application Programming Interface (API) brings the functionality of the tracking portal into your own systems, enabling you to automate SSL Certificate management without logging in to a web interface.

The Application Programming Interface (API) will allow you to request an SSL Certificate reissue by submitting a Certificate Authority (CA) Reference and domain. You can reissue using your original Certificate Signing Request (CSR) so the SSL Certificate works with your existing Private Key, or submit a new Certificate Signing Request (CSR) if you need a fresh key pair.

During the reissue process, you will be able to select your preferred Domain Control Validation (DCV) method. This includes approver e-mail, Domain Name System (DNS) validation, or file-based authentication. Learn About File-Based Authentication 🔗

The Application Programming Interface (API) will also let you retrieve both SSL Certificate expiration dates and license validity periods on demand. This makes it possible to build your own monitoring dashboards and automate renewal workflows across all of your domains. Learn About Certificate Signing Requests (CSR) 🔗

Expiry Notification Services

Trustico® is building notification services that will alert you when your SSL Certificates and licenses are approaching expiry. Because these are two separate events, the notification system will cover both independently.

You will receive advance warning for SSL Certificate expirations, giving you time to reissue before your current SSL Certificate stops working. You will also receive separate notifications for license expiry, so you know when it is time to renew your license to maintain coverage.

As validity periods decrease, timely notifications become essential to maintaining uninterrupted SSL Certificate coverage.

Certificate as a Service (CaaS) — Available Now

For those who want a fully automated solution today, Trustico® and Sectigo Certificate as a Service (CaaS) products are already available to order. Certificate as a Service (CaaS) SSL Certificates automatically reissue and install themselves before expiry, removing the need for any manual intervention. Learn About Certificate as a Service (CaaS) 🔗

To use Certificate as a Service (CaaS), you will need to set up an Automatic Certificate Management Environment (ACME) client on your servers. You will then configure the External Account Binding (EAB) credentials that Trustico® provides for each SSL Certificate. Once configured, the SSL Certificates take care of themselves. Learn About Automatic Certificate Management Environment (ACME) Clients 🔗

Every server environment is different, so while Trustico® supplies the credentials, the implementation on your infrastructure is your responsibility. Trustico® provides comprehensive documentation on obtaining and configuring your External Account Binding (EAB) credentials to guide you through the process. Learn About Obtaining Your Certificate as a Service (CaaS) Credentials 🔗

Automated Installation Tools

Reissuing an SSL Certificate is only half of the process. The SSL Certificate also needs to be installed on your server before it can protect your domain. As reissue cycles become shorter, the installation step becomes just as important to automate as the reissue itself.

Trustico® is developing installation tools that will handle this for you. These tools are being designed to support automated SSL Certificate installation across widely used server control panels, so that once your SSL Certificate is reissued, it can be installed without manual steps on your part.

Supported platforms will be announced as each integration becomes available. If you use a server control panel and would like to be notified when automated installation support is available for your platform, Trustico® welcomes you to get in touch so we can understand what our customers and partners need most. Learn About Contacting Trustico® 🔗

Which Solution Is Right for You

Trustico® is building solutions to fit every workflow. If you prefer to manage SSL Certificates manually, the tracking portal continues to provide everything you need. If you want to automate SSL Certificate management within your own systems, the upcoming Application Programming Interface (API) will give you programmatic access to the same functionality.

If you want a completely hands-off solution where SSL Certificates reissue and install automatically, Certificate as a Service (CaaS) is available to order today. As validity periods shorten, the value of automation only increases.

The entire SSL Certificate industry is adjusting to shorter validity periods, and many providers have left preparation to the last minute. Trustico® is committed to delivering the tools customers and partners need ahead of these deadlines. As changes progress across the industry and in real world environments it’ll dictate the methods most important to both direct customers and partners. We value your feedback to accommodate streamlined processes throughout this transition period.