7 PKI Preparedness Tasks From DigiCert And ‘PQC For Dummies’
With only about one-third of organizations currently prepared for the impending 47-day certificate lifecycle, and PQC readiness even lower, a DigiCert executive says organizations are seeking assistance.
(Mike Fleck, senior director of products and solutions, DigiCert)
With TLS/SSL certificate lifespans soon to shrink to 47 days and quantum computing’s threat to traditional cryptography imminent, organizations must start preparing now for these disruptions in the public key infrastructure (PKI) landscape.
Certificate Authority (CA) organization DigiCert is offering assistance with its free e-book “PQC For Dummies.”
Lest one finds the title off-putting, the technology-related “For Dummies” book series has more than 6,000 titles across the brand, and has “generated hundreds of millions of dollars in total sales,” according to a 2021 news release from the publisher John Wiley and Sons.
MES Computing spoke with Mike Fleck, senior director of products and solutions at DigiCert, about the advice the book offers and the critical need for organizations to prepare for shortened digital certificate lifecycles and PQC.
7 PKI Preparedness Tasks
- Take Inventory Of Cryptographic Assets
The first step to preparedness, the book advises, is to take an inventory of your organization’s certificates, algorithms and other cryptographic assets.
It’s important to get a hold on managing “what is unknown,” Fleck said.
- Implement Automated End-to-End Certificate Renewal
Fleck spoke of conversations he’s had with IT leaders in which the renewal process is cited as a major hurdle to diligent certificate management.
He stressed the importance of building an inventory for certificate and PQC renewal and also spoke about the need to automate the process.
Organizations may automate “parts of the certificate renewal process,” Fleck said, perhaps automating filing tickets, but often leave out the final step of installing the renewed certificate.
- Raise Your Awareness
CAs like DigiCert and cloud solution providers are leading customers in PQC readiness; however, it pays to acquire information from sources other than a vendor.
Fleck said that, based on interest in the DigiCert e-book, there is a “growing awareness and need for PQC education among businesses.”
- Don’t Sleep On AI For PQC Preparedness
Fleck said that when it comes to AI’s role in PQC planning and digital lifecycle management, AI can help with the “learning curve for integrations and addressing trust issues associated with agentic AI.”
- Become Crypto Agile
Crypto agility involves “asset visibility, established methods for deploying encryption technologies, and the ability to respond quickly when security issues arise,” advises DigiCert’s guidebook.
- Check Protocol Requirements
Fleck flagged that not all automation tools support the same protocols. For instance, he said that a few of the tools out there don’t support the ACME protocol – a “protocol and framework that's published by the IETF in RFC 8555 and which can be used for the signing and creation of certificates where domain validation is required,” according to Oracle.
Ensure automation tools support all protocols within your PKI environment.
- Know The Timetable
While there is no set date for “Q-Day,” the time when threat actors will be able to break today’s encryption, the timetable for when digital certificate lifecycles will shorten to 47 days is known:
- By March 14, 2026, TLS certificates’ lifespans will shrink to 200 days. The Domain Control Validation (DCV) reuse period will also be reduced to 200 days.
- By March 15, 2027, the maximum certificate lifespan will shrink to 100 days, as will the DCV reuse period.
- By March 15, 2029, the maximum certificate lifespan will be reduced to 47 days and the DCV reuse period will go to 10 days.
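The inventory and automation tasks can be checked against this timetable in code. The following is an added example, not taken from DigiCert’s e-book or from Fleck: it projects each certificate’s next renewal onto the dates listed above and flags lifetimes that will no longer be allowed and installs that are still manual. The inventory records, the `.test` hostnames and the `auto_install` field are constructed assumptions.

```python
from datetime import date
from math import ceil

# Phases as listed in the article: (effective date, max lifespan days, DCV reuse days).
PHASES = [
    (date(2026, 3, 14), 200, 200),
    (date(2027, 3, 15), 100, 100),
    (date(2029, 3, 15), 47, 10),
]

# Constructed inventory; names, dates and the auto_install flag are assumptions.
INVENTORY = [
    {"name": "www.example.test", "not_before": date(2025, 6, 1),
     "not_after": date(2026, 6, 1), "auto_install": False},
    {"name": "api.example.test", "not_before": date(2026, 12, 1),
     "not_after": date(2027, 6, 1), "auto_install": True},
    {"name": "vpn.example.test", "not_before": date(2029, 2, 1),
     "not_after": date(2029, 5, 12), "auto_install": False},
]

def phase_for(issue_date):
    """Return (max_lifespan, dcv_reuse) in force on issue_date, or None before phase 1."""
    current = None
    for start, lifespan, dcv in PHASES:
        if issue_date >= start:
            current = (lifespan, dcv)
    return current

def assess(cert, today):
    """Project a certificate's next renewal against the timetable."""
    lifetime = (cert["not_after"] - cert["not_before"]).days
    # The replacement is issued by expiry at the latest, so that date's cap applies.
    limits = phase_for(max(cert["not_after"], today))
    cap = limits[0] if limits else None
    per_year = ceil(365 / cap) if cap else None
    findings = []
    if cap and lifetime > cap:
        findings.append(f"lifetime {lifetime}d exceeds {cap}d cap at next renewal")
    if cap and not cert["auto_install"]:
        findings.append(f"manual install at least {per_year}x per year")
    return {"name": cert["name"], "lifetime_days": lifetime,
            "cap_at_renewal": cap, "min_renewals_per_year": per_year,
            "findings": findings}

if __name__ == "__main__":
    for row in (assess(c, date(2026, 1, 10)) for c in INVENTORY):
        print(row["name"], row["cap_at_renewal"], "; ".join(row["findings"]) or "ok")
```

The renewal count is a lower bound, since certificates are normally replaced some days before they expire.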
While DigiCert’s PQC book was launched last year, the company said that an updated edition will be available in five to six months.