SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are protocols used to secure and encrypt sensitive information like credit cards, usernames, passwords, and other private data sent over the Internet. Web pages secured with SSL or TLS are the ones whose URL begins with HTTPS.
The maximum validity period of SSL certificates was cut from 10 years down to 5 years, and finally to 825 days (2 years, 3 months, 5 days).
The reason is the security concerns associated with protracted validity periods. An organization may undergo many changes over the course of 5 or 10 years: mergers and acquisitions, management shuffles, or employees leaving.
In such a scenario, domain names are subject to change, and so is certificate ownership. If a certificate with a 5-year validity was deployed for the old domain name, it has to be revoked, and a new CSR has to be raised for the new domain.
The website may now have a different domain, but the old domain would still appear valid because its certificate is still active.
Hackers could use those domains to create their own websites that look like they belong to the organization.
They can get unsuspecting people to visit those websites and surrender their data, which would go straight to the hackers’ systems.
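The risk described above can be checked against a certificate inventory. The following is an added example, not part of the original article: it flags certificates whose lifetime exceeds the 825-day cap and certificates for retired domains that are still within their validity period and should be revoked. The domains, dates, the `in_use` flag and the fixed audit date are constructed for illustration; the date strings follow the format printed by `openssl x509 -noout -dates`.

```python
import ssl
from datetime import datetime, timezone

MAX_VALIDITY_DAYS = 825  # cap stated in the text above

# Constructed inventory (hypothetical domains). "dates" holds the two lines
# printed by `openssl x509 -noout -dates`; "in_use" is an assumed asset flag.
INVENTORY = [
    {"domain": "old-brand.example", "in_use": False,
     "dates": "notBefore=Mar  1 00:00:00 2016 GMT\nnotAfter=Mar  1 00:00:00 2021 GMT"},
    {"domain": "shop.example", "in_use": True,
     "dates": "notBefore=Jan 15 00:00:00 2019 GMT\nnotAfter=Apr 19 00:00:00 2021 GMT"},
    {"domain": "legacy.example", "in_use": False,
     "dates": "notBefore=Jun  1 00:00:00 2015 GMT\nnotAfter=Jun  1 00:00:00 2017 GMT"},
    {"domain": "intranet.example", "in_use": True,
     "dates": "notBefore=Jan  1 00:00:00 2018 GMT\nnotAfter=Jan  1 00:00:00 2021 GMT"},
]
NOW = datetime(2019, 6, 1, tzinfo=timezone.utc)  # fixed audit date for a repeatable run


def parse_dates(text):
    """Return (not_before, not_after) as UTC datetimes."""
    fields = dict(line.split("=", 1) for line in text.strip().splitlines())

    def to_dt(value):
        return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)

    return to_dt(fields["notBefore"]), to_dt(fields["notAfter"])


def audit(inventory, now):
    """List (domain, finding, days) tuples for certificates that need action."""
    findings = []
    for cert in inventory:
        not_before, not_after = parse_dates(cert["dates"])
        lifetime = (not_after - not_before).days
        if lifetime > MAX_VALIDITY_DAYS:
            findings.append((cert["domain"], "validity-exceeds-cap", lifetime))
        # A retired domain whose certificate has not expired should be revoked;
        # "days" is how long it would otherwise remain valid.
        if not cert["in_use"] and not_before <= now < not_after:
            findings.append((cert["domain"], "retired-domain-cert-still-valid",
                             (not_after - now).days))
    return findings


if __name__ == "__main__":
    for domain, finding, days in audit(INVENTORY, NOW):
        print(f"{domain}: {finding} ({days} days)")
```

A certificate that lasts exactly 825 days (shop.example here) passes the cap check, and an already expired certificate for a retired domain (legacy.example) produces no finding.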