Skip to main content

Set certificate validTo time

DigiCert sets certificate validity using specific UTC times to comply with RFC 5280, the CA/B Forum Baseline Requirements, and Apple certificate requirements. Understanding how DigiCert sets these times helps clarify why a certificate's end date may appear one day earlier than expected.

Select the validity period when requesting or renewing a certificate:

  1. On the certificate request or renewal form, select the Validity period.

  2. Choose one of the following options:

    • 1 year: Issues a certificate with the default maximum validity of 199 days on an annual plan.

    • Custom expiration date: Specify a specific end date for the certificate.

    • Custom length: Specify a validity duration up to the maximum allowed for the certificate type.

  3. Submit the request.

The end date determines when the issued certificate expires. Available validity periods depend on the product type, account configuration, and industry limits.

Notice

Unless you request a specific end date, CertCentral adjusts the certificate end date to avoid weekend and US holiday expirations. This helps ensure support staff are available when certificates need to be renewed.

ValidFrom and validTo times

DigiCert configures certificates as follows:

  • validFrom: 00:00:00 UTC on the certificate start date

  • validTo: 23:59:59 UTC on the certificate end date

Industry standards specify exact certificate lifetimes in seconds. Adding even one extra second to a certificate rounds the validity period up by a full day, which would cause the certificate to exceed the maximum validity period allowed under CA/B Forum Baseline Requirements and Apple's requirements. Setting validTo to 23:59:59 UTC ensures the certificate uses exactly the permitted validity period without exceeding it.

Practical example

For a certificate starting October 15, 2026 at 00:00:00 UTC with a one-year validity period, DigiCert sets:

  • validFrom: October 15, 2026 00:00:00 UTC

  • validTo: October 14, 2027 23:59:59 UTC

This gives the certificate exactly 365 days of validity.

Certificate validity options on request forms

On every certificate request form, the Certificate validity section shows the following options. Select the option that fits your requirement:

  • Maximum validity (199 days): Issues the certificate for the maximum validity period allowed by industry standards. This is the default selection. CertCentral displays a tip on the form confirming the current maximum: "Industry standards allow for a maximum certificate validity of 199 days."

  • Custom expiration date: Enter a specific end date for the certificate. Use this option when the certificate must align with a specific project, contract, or infrastructure timeline. CertCentral does not apply the weekend or holiday adjustment when a custom end date is specified.

  • Custom length: Enter a specific validity duration in days up to the maximum allowed. Use this option when a fixed number of days is required rather than a calendar end date.

Weekend and holiday end date adjustment

Unless a specific end date is requested on the certificate order form, CertCentral automatically adjusts the certificate end date to avoid weekends and US holidays. This adjustment helps ensure support staff are available when certificates approach expiration and need to be renewed.

To use a specific end date, select Custom expiration date on the certificate request or renewal form and enter the required date. CertCentral does not apply the weekend or holiday adjustment when a custom end date is specified.

Related topics

What's next

Configure extended key usage (EKU) options to control how certificates are used

En esta sección: