The CA/Browser Forum has decided to reduce the lifespan of SSL/TLS certificates significantly over the next few years. By 2029, certificates will have a lifespan of just 47 days, down from the current 398-day period. This decision follows a proposal earlier this year, supported by major players like Apple, Google, Mozilla, and Sectigo, aiming to address security risks posed by outdated certificates and cryptographic algorithms. The phased reduction will begin in March 2026, with a 200-day lifespan, and then drop to 100 days by 2027.
The goal of reducing SSL/TLS certificate lifespans is to increase the security of online communications. Shortening the lifespan encourages faster certificate renewal and minimizes the risks associated with compromised credentials or expired certificates. This initiative also aims to push businesses and developers to automate certificate management, reducing the chances of websites running with expired certificates. By enforcing these changes, the CA/Browser Forum hopes to improve data security for both websites and users.
SSL/TLS certificates are essential for secure internet communications, as they encrypt sensitive data and authenticate websites. The certificates prevent attackers from intercepting data, such as passwords or credit card details, while ensuring that the exchanged information remains unaltered. Currently, certificates have a lifespan of 398 days, but the new rule is expected to reduce this time in a series of steps to enhance security and agility within the ecosystem. The majority of certificate authorities have agreed that this period is too long, given the growing security threats.
Although the reduction in certificate lifespans will add administrative complexity, it will promote a more secure and efficient ecosystem. With the reduced timeframes, businesses will need to implement automated certificate renewal systems, such as those offered by Let’s Encrypt or cloud providers. This gradual transition will give organizations the time needed to adapt to these changes while strengthening overall internet security.
Reference:
