Sectigo certificate term settings and issuance validity¶
When creating certificates, Sectigo's certificate profiles use static "terms" instead of an arbitrary number of days to determine certificate validity periods, while TLS Protect Cloud uses arbitrary numbers.
The Sectigo CA Connector accounts for this difference by intelligently matching the number you select to the closest Sectigo term setting.
The following table gives an example of how a TLS Protect Cloud request could match to the Sectigo terms, if these are the terms that apply to the Sectigo account:
| Venafi request | Sectigo term options | Result |
|---|---|---|
| 7 day certificate request | Sectigo minimum term length is 30 days | Issued certificate will be valid for 30 days. |
| 20 day certificate request | Sectigo terms allow for 15 day, 45 day, or 90 day terms | Issued certificate will be valid for 45 days, since that is the minimum term that covers the requested period. |
| 2 year certificate request | Sectigo maximum term length is 398 days for your account | Issued certificate will be valid for 398 days, since that is the maximum allowed by any available term. This is the only case where the issued certificate will be valid for a shorter term than was requested. |
When you create an Issuing Template in TLS Protect Cloud, you specify the maximum validity a user may request, and this is the default validity that is used if the user does not specify a validity in their request.
Because of the way TLS Protect Cloud maps validity to available terms in Sectigo, it is possible for the validity of issued certificates to exceed the maximum validity specified by the Issuing Template. This scenario is possible in situations where the maximum validity specified in the Issuing Template does not exactly match one of the defined Sectigo terms, and only if the Sectigo term is longer than the maximum Issuing Template validity. Consider these two examples:
| Venafi request | Max validity from Issuing Template | Sectigo terms | Result |
|---|---|---|---|
| 150 days | 180 days | 45 days, 90 days | The issued certificate will be valid for 90 days |
| 150 days | 180 days | 100 days, 200 days | The issued certificate will be valid for 200 days |