SSL Certificate Lifetime

Hello folks

Now I had a due diligence with one of my clients and they asked a very interesting question. Ordinarily, we have 2 year SSL certificates for our services. The question was, why we chose 2 years not 1 year. To be honest, I didn’t have a valid response which made me think, is there an acceptable SSL certificate shelf life?

What difference does it make between 1 & 2 years? Is there a standard PKI recommendation on picking either?

This might be of interest:


2 Years usually are cheaper than 1 Year, of course.

Plus, with 2 Years certificates (or more years) you don’t have to go through all the renewal process:
A) Renewing a Certificate is considered as issuing a new one, since your organization still has to be verified with every renewal. Save the hassle to do it every year, with 2 Years or more Years Certificates.
B) Remove expired certificate, install new certificate, etc… in your servers after 1 year.

Thanks Garry and W-e-v.

Very informative. So essentially there isn’t any ‘hard’ requirement say from ISO 21188:2006 which outlines why 1 year is better than 2 year and vice versa.

Again thanks for taking time to revert.