The CA/Browser Forum has announced new industry requirements that shorten the maximum validity of SSL/TLS certificates. Starting February 24, 2026, all newly issued SSL/TLS certificates will have a maximum validity of 199 days, down from the current 397 days. This article explains what is changing, how OpenSRS is handling the transition, and what you need to do before and after the cutover.
Warning: These changes take effect February 24, 2026. Place any orders that should use the longer 397-day validity well before that date and confirm your domain and organization validations are current.
What is changing
- Maximum SSL/TLS certificate validity drops from 397 days to 199 days.
- Validation reuse periods are shortened for both Organization Validation (OV) and Domain Validation (DV).
- Code signing certificates are limited to one-year validity going forward.
How your certificate purchase will work
OpenSRS is keeping the purchase experience as close to today's as possible:
- You continue to purchase one-year SSL/TLS certificates, just as you do today.
- Each certificate is issued with a 199-day validity period.
- When the certificate reaches the end of its 199-day validity, it is automatically reissued. The SSL provider emails the reissued certificate to the end user.
- The reissued certificate covers the remaining time on your one-year purchase — either 166 or 167 days, depending on the original issuance date.
- After reissuance, the certificate must be reinstalled on the server.
This keeps the full one-year value of your purchase intact while meeting the new industry standards.
How the cutover affects existing and new orders
Order state | What happens |
|---|---|
Certificate issued before February 24, 2026 | Not affected. Remains valid until its original expiration date. |
Certificate request pending on or after February 24, 2026 | Follows the new 199-day issuance and automatic reissuance process. |
New code signing order on or after February 24, 2026 | Issued with a one-year validity only. |
Note: To get a certificate with the longest possible validity before the change, place orders well before February 24, 2026 and make sure all domain and organization validation requirements are up to date.
Reduced validation reuse periods
Validation reuse determines how long a previously completed validation can be reused when reissuing a certificate. As of February 24, 2026:
Validation type | Current reuse period | New reuse period |
|---|---|---|
Organization Validation (OV) | 825 days | 397 days |
Domain Validation (DV) | 397 days | 199 days |
Keeping validation information current helps prevent delays during issuance and the automatic reissuance step.
Next steps
- Place priority orders before February 24, 2026 — certificates issued before that date keep their original 397-day validity.
- Refresh domain and organization validations — current validations reduce the risk of issuance and reissuance delays. See for what each check involves.
- Plan reinstallation workflows — build automation or schedule the staff time needed to reinstall reissued certificates roughly six months after each new order.
- Review SSL fundamentals — see for background on how certificates are issued and used.
- Check upcoming pricing — see for product price updates effective April 17, 2026.
Questions? Contact OpenSRS Support.
How helpful was this article?
Thanks for your feedback!
Do you still need help? If so please submit a request here.