Security

Valid SSL certificate

Certificate is current, not expiring soon, and chains to a trusted root. Failing this is a hard browser block.

Authority: CA/Browser Forum
Version: CA/Browser Forum Baseline
Jurisdiction: Global
Source: cabforum.org
Last reviewed: 2026-04-28
Last verified: pending

What it is

The certificate served by the origin must be valid (not expired, not yet valid, properly chained, matching hostname) per the CA/Browser Forum Baseline Requirements.

Why it matters

Expired or invalid certs are a full outage in modern browsers. There's no grace period and no soft warning.

Who it applies to

Every HTTPS endpoint.

How WQI scores it

Web Quality Index considers this standard satisfied when the supporting factor passes.

#	Factor	Status
5	SSL certificate validity & expiration window	live

Related standards

See also: CAA , TLS 1.2+ , PFS , OCSP Stapling , CT

Other references

tooling Let's Encrypt — automated free certificates
tooling Qualys SSL Server Test