What Happens If SSL Certificates Expire?

By Kevin Lee

You should renew your SSL certificate before it expires.
i Hemera Technologies/AbleStock.com/Getty Images

SSL certificates help make Web surfing more secure by facilitating encryption of data as it flows across the Internet. SSL certificates are widely used on e-commerce and other websites that collect sensitive personal or financial data. While navigating a website, your browser may warn that the site's SSL certificate has expired. If you are the owner of the website, an expired certificate can be easily remedied.

SSL Certificates and Browsers

SSL certificates are important because they let Web surfers know that they are communicating with trusted websites. Site owners purchase SSL certificates from companies called Certificate Authorities. A CA, such as VeriSign, verifies the site owner's identity and issues an SSL certificate to the owner containing a digital key. When a Web browser accesses the site, the browser and server exchange keys, allowing encrypted data to be transmitted. Your Web browser also verifies that an SSL certificate is current; if it has expired, the browser alerts the user by displaying a warning message.

Website Traffic Loss

Symantec, a computer security firm, describes the scenario that often occurs when Web surfers see warning messages triggered by expired SSL certificates. A survey conducted by Symantec found that 90 percent of the users who saw such a warning terminated any transactions in progress at the time. The survey also found that 72 percent of users will stop using the site and buy from a competitor’s site instead. Many users who are not familiar with how SSL certificates work may assume that your website is dangerous.

Security Implications

An expired SSL certificate may deter website users, but it does not prevent data from flowing securely between the site's server and a user's browser. A website with an expired certificate will still encrypt outgoing data, and the browser will decrypt the data as it is received. Visitors merely need to verify that they are communicating with the website over a secure connection. This can be done by looking for an "https://" prefix at the beginning of the URL in the browser's address bar.

Certificate Renewal

If your SSL certificate is about to expire, the CA that issued it will often contact you and remind you to renew the certificate. Directnic, for example, provides convenient links in renewal notices that users can click to begin the renewal process. If you do not respond to a renewal notice, your certificate will expire and you will have to renew it. Contact the company that issued the certificate to learn how to do this. Once you've renewed the certificate, Web browsers will no longer display the warning message about an expired SSL certificate.