diff --git a/lemur/common/missing.py b/lemur/common/missing.py
index a4bbba77..5c7dffac 100644
--- a/lemur/common/missing.py
+++ b/lemur/common/missing.py
@@ -16,6 +16,7 @@ def convert_validity_years(data):
         data['validity_start'] = now.isoformat()
 
         end = now.replace(years=+int(data['validity_years']))
+
         if not current_app.config.get('LEMUR_ALLOW_WEEKEND_EXPIRATION', True):
             if is_weekend(end):
                 end = end.replace(days=-2)
diff --git a/lemur/plugins/lemur_verisign/plugin.py b/lemur/plugins/lemur_verisign/plugin.py
index 3e672a43..3f16f997 100644
--- a/lemur/plugins/lemur_verisign/plugin.py
+++ b/lemur/plugins/lemur_verisign/plugin.py
@@ -111,10 +111,19 @@ def process_options(options):
 
     data['subject_alt_names'] = ",".join(get_additional_names(options))
 
+    if options.get('validity_end') > arrow.utcnow().replace(years=2):
+        raise Exception("Verisign issued certificates cannot exceed two years in validity")
+
     if options.get('validity_end'):
-        period = get_default_issuance(options)
-        data['specificEndDate'] = options['validity_end'].format("MM/DD/YYYY")
-        data['validityPeriod'] = period
+        # VeriSign (Symantec) only accepts strictly smaller than 2 year end date
+        if options.get('validity_end') < arrow.utcnow().replace(years=2).replace(days=-1):
+            period = get_default_issuance(options)
+            data['specificEndDate'] = options['validity_end'].format("MM/DD/YYYY")
+            data['validityPeriod'] = period
+        else:
+            # allowing Symantec website setting the end date, given the validity period
+            data['validityPeriod'] = str(get_default_issuance(options))
+            options.pop('validity_end', None)
 
     elif options.get('validity_years'):
         if options['validity_years'] in [1, 2]: