The Certification Authority Browser Forum has approved a major change that will dramatically reduce the lifespan of SSL/TLS certificates to just 47 days by March 2029, marking a substantial shift in how websites maintain their security credentials.
The change, initially proposed by Apple and supported by tech giants including Google and Mozilla, will be implemented gradually over the next five years. Currently, SSL/TLS certificates are valid for 398 days. The new timeline introduces staged reductions:
- March 2026: 200 days
- March 2027: 100 days
- March 2029: 47 days
This dramatic reduction aims to enhance online security by limiting the potential damage from compromised certificates. With shorter validity periods, stolen certificates become useless more quickly, reducing opportunities for cyberattacks and fraud.
The move also pushes organizations toward automated certificate management, as manual renewal becomes impractical with such frequent updates. However, this transition raises concerns for smaller website operators who may struggle with the technical and financial demands of more frequent certificate renewals.
"Companies no longer have a choice whether to automate their certificates," notes Mohit Kumar, VP of Product Management at GlobalSign. "This much tighter lifecycle forces organizations to stay proactive about certificate management."
The change also prepares internet infrastructure for future cryptographic challenges, including quantum computing threats. By enabling faster updates to security protocols, shorter certificate lifespans help systems adapt more quickly to emerging security needs.
While the security benefits are clear, critics worry about increased costs and administrative burdens, particularly for small businesses and organizations managing multiple domains. The shift will require significant adjustments in how websites handle their security credentials, with automated solutions becoming necessary rather than optional.
As the deadline approaches, organizations are advised to begin preparing their systems and processes for more frequent certificate renewals, marking a new era in web security management.