TLS, SSL Certificate Lifespans Set To Expire In 47 Days: What You Need To Know

Here are some more details about the shortened web certificate lifespan.

Digital certificates are a key component of modern cybersecurity — essential for organizations to establish secure and trusted connections for websites, devices, web servers, code, software, email and more.

In January, Apple proposed reducing the validity period for TLS/SSL certificates to a shorter expiration lifespan for security reasons. Now, The CA/Browser (CA/B) Forum has decided to reduce the maximum validity term of SSL/TLS certificates to 47 days by 2029.

Sectigo, a top digital certificate management solution provider based in Scottsdale, Arizona, endorsed the proposal.

“At Sectigo we have long advocated for shorter certificate lifecycles as a crucial step in bolstering internet security, which is why we endorsed this ballot from its inception,” said Kevin Weiss, chief executive officer at Sectigo, in a news release. “This collaborative initiative passed by the CA/Browser Forum not only showcases the industry’s unified commitment to enhance digital trust for all but also empowers customers to be at the leading edge of preparing for a quantum future.”

[RELATED: Sectigo Rolls Out Certificate-As-A-Service For Managing Certificate Complexity]

Here are some more details about the shortened web certificate lifespan:

• By March 14, 2026, TLS certificates’ lifespans will shrink to 200 days. The Domain Control Validation (DVC) reuse period will also be reduced to 200 days.
• By March 15, 2027, the maximum certificate lifespan will shrink to 100 days as well as the DCV reuse period.
• By March 15, 2029, the maximum certificate lifespan will be reduced to 47 days and the DVC reuse period will go to 10 days.

The goals of reducing certificate lifespans are to enhance security, encourage automation, and prepare for a quantum computing era as “shorter certificate lifespans foster crypto agility,” Sectigo said in a blog post.

While there is still a waiting period before the CA/Browser Forum’s ballot becomes official, “its eventual enforcement may present operational challenges for enterprises. We believe it’s important for organizations to view this industry shift not as an abrupt or radical change, but rather an incremental step towards future proofing their business," said Tim Callan, chief compliance officer at Sectigo and vice-chair of the CA/Browser Forum, in a news release. "Sectigo's automated solutions are designed to make this transition as smooth as possible for customers and partners, allowing businesses to focus on their core operations while maintaining robust digital security."

Sectigo posted a guide to advise IT professionals how to prepare for the shortened web certificate lifecycle.