The Countdown Has Started – Here Come One-Year Digital Certificate Life Cycles

Apple announced its decision to trust only one-year digital certificates [1] on its Safari browser in February 2020. This decision created a domino effect, with Mozilla and Google following suit; certificate providers announced they would not issue two-year certificates after Aug. 19, 2020. We wrote an article in March to help brands prepare for this change.

After Sept. 1, 2020, only one-year digital certificates will be trusted on Chrome, Safari, and Firefox. With less than a month until this date, it’s important for brands to make sure that they’re ready for this change. In this article, we offer our recommendations to ensure that you’re fully prepared for the transition of your certificates.

Our simple four-step advice is account, consolidate, secure, and automate.


Ask yourself if your brand has a full accounting of its digital certificates by answering these questions:

  • How many certificates do you have, and of what types?
  • With which certificate authority are they registered?
  • Who has permission to administer these certificates?
  • When are the renewal dates for each certificate?

If you don’t have an answer to all of these questions, you’re at risk of having digital certificates that aren’t accounted for.

As the frequency of replacing certificates increases, so does the risk of missing the replacement of a vital asset supporting your online business operations. If this happens, you’ll be unable to process secure transactions on that site, costing you traffic, revenue, and consumer trust.


CSC advocates consolidating your digital certificates with one provider and using Certificate Authority Authorization (CAA) records to best manage your certificates and control the permissions for issuing any certificates. Adding CAA records supports the consolidation of your providers, reduces the overall cost of management, and greatly reduces the risk of an unexpected expiration—an infinitely higher risk when you have multiple providers.


It’s important to consider the validation level of your digital certificates and the impact it has on your consumers and their confidence in the security of your sites. At CSC, we recommend considering Organization Validation (OV) certificates for your vital domains, as these go through a three-step verification process. Extended Validation (EV) certificates have the most stringent verification criteria, but can be more expensive and take longer to process. Both OV and EV certificates are preferable to Domain Validated (DV) certificates, which can be obtained by anyone with a credit card who can be proven to own the domain in question.


The easiest way to deal with the increased frequency of renewals is to automate. If you have an extensive portfolio of domains, after Sept. 1, your renewals workload will double. Automated certificate monitoring, renewal, and replacement will make your life easier and avoid the risk of an unexpected expiration.
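The accounting and monitoring steps above can be sketched as a small audit script. This is an added example, not code from the article or from CSC: the hostnames, CA names, dates and the 30-day warning window are constructed, and it assumes the 398-day limit applies to certificates issued on or after Sept. 1, 2020.

```python
import ssl
from collections import Counter

DAY = 86400
MAX_VALIDITY_DAYS = 398  # limit quoted in the article's footnote
# Assumption: the limit applies to certificates issued on or after this date.
CUTOFF = ssl.cert_time_to_seconds("Sep  1 00:00:00 2020 GMT")
NOW = ssl.cert_time_to_seconds("Nov 20 00:00:00 2020 GMT")  # constructed audit date

def cert(org, not_before, not_after):
    """Build a record in the dict shape ssl.SSLSocket.getpeercert() returns."""
    return {"issuer": ((("organizationName", org),),),
            "notBefore": not_before, "notAfter": not_after}

# Constructed inventory: hostnames, CA names and dates are illustrative only.
INVENTORY = {
    "shop.example.com": cert("Example CA One", "Sep 15 00:00:00 2020 GMT", "Sep 15 00:00:00 2022 GMT"),
    "www.example.com": cert("Example CA One", "Aug 10 00:00:00 2020 GMT", "Aug 10 00:00:00 2022 GMT"),
    "api.example.com": cert("Example CA Two", "Oct  1 00:00:00 2020 GMT", "Nov  2 00:00:00 2021 GMT"),
    "pay.example.com": cert("Example CA Two", "Dec  1 00:00:00 2019 GMT", "Dec 10 00:00:00 2020 GMT"),
    "legacy.example.com": cert("Example CA Three", "Jun  1 00:00:00 2019 GMT", "Jun  1 00:00:00 2020 GMT"),
}

def issuer_org(record):
    """Return the issuing CA's organizationName, or 'unknown' if absent."""
    for rdn in record["issuer"]:
        for key, value in rdn:
            if key == "organizationName":
                return value
    return "unknown"

def audit(inventory, now, warn_days=30):
    """Flag over-long, expired and soon-to-expire certificates; count certs per CA."""
    findings = {"too_long": [], "expired": [], "expiring": []}
    issuers = Counter()
    for host, record in sorted(inventory.items()):
        start = ssl.cert_time_to_seconds(record["notBefore"])
        end = ssl.cert_time_to_seconds(record["notAfter"])
        issuers[issuer_org(record)] += 1
        # Two-year certificates issued before the cutoff are not flagged.
        if start >= CUTOFF and end - start > MAX_VALIDITY_DAYS * DAY:
            findings["too_long"].append(host)
        if end <= now:
            findings["expired"].append(host)
        elif end - now <= warn_days * DAY:
            findings["expiring"].append(host)
    return findings, issuers

if __name__ == "__main__":
    print(audit(INVENTORY, NOW))
```

The issuer count shows how many providers are in use, which is the input for the consolidation step.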

  1. The lifetime of the certificate will include extra time for renewal, so the actual validity period will be 398 days.
  2. This article was originally published on Digital Brand Insider.

By Ken Linscott, Product Director, Domains and Security at CSC
