10:29 a.m.
vi fick ju tidigare information om begränsning av giltighetstid för
domänvalidering ner till 200 dagar (jag tar med information om detta
nedan också för de som inte sett det direkt från HARICA eller via Sunet
Forum TCS), men nu är det dags för det egentligen är mer grundläggande,
steget ner från 265 till 199 dagars giltighetstid för certifikaten som
sådana.
Det behövs ingen direkt åtgärd från er för detta, men om ni har manuellt
hanterade certifikat som går ut snart kan det ju vara slugt att förnya
dem nu innan 9 mars för att få full giltighetstid på dem, för som ni ser
nedan så påverkas ju inte giltighetstiden för certifikat utfärdade innan
ändringen av detta.
-- Informationen om certifikaten från HARICA --
In alignment with the updated Baseline Requirements for SSL/TLS
Certificates, Certificates issued on or after 15 March 2026 should not
have a validity period exceeding 199 days.
As part of our ongoing compliance measures, HARICA will reduce the
maximum validity period for Server Certificates from 365 days to 199
days.
Implementation timeline The above change will be implemented gradually
during the period 9–13 March 2026:
Before 9 March: All newly issued Server Certificates will continue to be
issued with the current maximum validity period (397 days).
Between 9 and 13 March: A transitional implementation period will apply.
During this time, issuance duration may vary as system updates are
progressively deployed.
After 13 March: All newly issued Server Certificates will be issued with
the new maximum validity period of 199 days.
Subscribers are advised to take this transitional window into
consideration when planning certificate issuance or renewal activities.
Impact on existing certificates Please note that the above changes do
not affect the validity of certificates that have already been issued.
All currently active certificates will remain valid until their existing
expiration date.
--- Information tidigare om giltighetstiderna för DCV och OV som hänger ihop med detta ---
Pursuant to the updated Baseline Requirements for SSL/TLS Certificates,
effective as of 15 March 2026, the reuse periods for the following
validation types will be amended as follows:
Domain Validation (DCV): reduced from 398 days to 200 days
Identity Validation (OV): reduced from 825 days to 398 days
In order to ensure compliance with the upcoming requirements, HARICA has
proactively adjusted the corresponding expiration dates for all
onboarded organizations that currently maintain active Domain Validation
(DCV) and/or Identity Validation (OV).
As a result, organizations will receive advance expiration notifications
(15 days for DCV and 30 days for OV) in accordance with the new
validation periods taking effect on 15 March 2026, enabling the timely
completion of the required renewal actions.
Review of updated validation status
To review the updated expiration dates for Domain Validation and
Identity Validation (OV) and to initiate the necessary actions, please
refer to the attached Enterprise Admin Guide, specifically:
C) Initiate Domain Validation for Enterprises
E) Submit Legal Evidence for Identity Validation
Specific changes to be applied
Domain Validation (DCV):
For organizations with an active DCV expiring between 13 March 2026 and
26 September 2026, the expiration date has been set to 13 March 2026.
For organizations with an active DCV expiring on 27 September 2026 or
later, the expiration date has been reduced by 199 days.
These adjustments ensure that the total validity period does not exceed
199 days.
Identity Validation (OV):
For organizations with an active OV Validation expiring between 13 March
2026 and 13 May 2027, the expiration date has been set to 13 March 2026.
For organizations with an active OV Validation expiring on 14 May 2027
or later, the expiration date has been reduced by 428 days.
These adjustments ensure that the total validity period does not exceed
397 days.
Important notes
One day has been intentionally deducted from the maximum validity
periods (200 → 199 days and 398 → 397 days) as a precautionary measure,
ensuring that no certificate is issued without an active and valid
validation in place.
13 March was selected as the reference date instead of 15 March, as 15
March falls on a Sunday. This allows HARICA personnel to be fully
available to promptly address any potential validation-related issues.
For OV Validations expiring within 30 days from the date of this notice,
organizations are strongly advised to submit Legal Evidence for Identity
Validation (OV) without delay.
--- Kommentarer för Sunet TCS specifik angående valideringen ovan ---
DCV för domäner: ni hittar giltihetstiden i domäntabellen på samma
ställe som ni går till för att förnya DCV
OV-giltighet hittar ni på huvudsidan för er organisation, lång upp till
höger under Validity och OV: Notera att för er som inte har
organisationsvaliderat så står ett datum där som är tidigare än när er
organisation lades upp.
Ni som har OV på plats men som går ut snart och ska fortsätta använda
OV-certifikat kan kontakta tcs(a)sunet.se så ger vi instruktioner om hur
ni laddar upp det som behövs. Vi har skött det hitills för vi trodde det
skulle vara besvärligt, men det har räckt med att ladda upp en textfil
med lite lagom boilerplate om organisationsnummer och att ni räknas som
GOV-SE (förutom för de av er som inte gör det, men det tar vi i så fall
i ärendet).
Med vänliga hälsningar,
--
Kent Engström, Sunet TCS
kent.engstrom(a)liu.se, +46 13 28 4444