Avoid Lost Business From Incorrect Client Clocks

Incorrect clocks cause of 33% of certificate errors in Chrome on Windows according to a study by Google. Here's how SSLMate helps.

“Site owners need to manage certificates carefully to avoid breakage due to client clocks. […] Certificates that are used close to their issuance date fall afoul of misconfigured client clocks more often because the clock is more likely to fall before the certificate’s validity period begins.”

Where the Wild Warnings Are: Root Causes of Chrome Certificate Errors

Everyone who has ever gotten an SSL certificate knows that they have an expiration date. Fewer people know that certificates also contain an issuance date. Web browsers check both the issuance and expiration dates when loading an HTTPS website, and display a security error if the current date is before the issuance date or after the expiration date.

Unfortunately, computers don't always know the correct date. If a visitor to your site has a fast clock, their browser might think your certificate is expired when it isn't. If your visitor's clock is slow, their browser might think your certificate isn't valid yet. Either way, your visitor is presented with an alarming, full-page security error that risks turning them away and tarnishing their perception of your brand.

Incorrect client clocks pose a particularly high risk to site operators during certificate renewal. If you wait until a certificate is almost expiring, or install a renewed certificate immediately, you increase the chance that the certificate will be rejected by a client whose clock is slightly off.

SSLMate avoids the problem with a careful certificate renewal strategy. SSLMate orders a new certificate 60 days before your current certificate expires. But instead of installing the certificate immediately, SSLMate waits 30 days. After 30 days have passed, SSLMate swaps the old certificate, which is now 30 days from expiring, with the new certificate, which is now 30 days old. Consequentially, SSLMate certificates can tolerate client clocks that are up to 30 days off in either direction.

Clock skew protection is just one of the ways that HTTPS works better when you use SSLMate.

Begin Your HTTPS Deployment Today

Try SSLMate for SaaS free for 30 days

Click to sign up