CA/Browser Forum Approves Landmark Decision to Reduce SSL/TLS Certificate Lifespans to 47 Days by 2029
In a groundbreaking move aimed at strengthening online security, promoting automation in certificate management, and preparing for quantum computing challenges, the CA/Browser (CA/B) Forum has unanimously passed a ballot to reduce the maximum validity term of SSL/TLS certificates to just 47 days by 2029. This landmark decision, endorsed by Sectigo, a global leader in digital certificates and automated Certificate Lifecycle Management (CLM), represents a significant step forward in enhancing digital trust and security across the internet.
A Phased Approach to Shorter Certificate Lifespans
The newly approved measure, initially proposed by Apple and endorsed by Sectigo in January 2025, will implement the changes through a phased approach designed to give organizations time to adapt:
- March 15, 2026: The maximum lifespan of TLS certificates will be reduced to 200 days, accommodating a six-month renewal cadence. The Domain Control Validation (DCV) reuse period will also decrease to 200 days.
- March 15, 2027: Certificates will further shrink to a maximum lifespan of 100 days, supporting a three-month renewal cycle. The DCV reuse period will align with this timeframe at 100 days.
- March 15, 2029: The final phase will see the maximum lifespan drop to just 47 days, allowing for monthly renewals. The DCV reuse period will be reduced to 10 days.
This gradual reduction ensures that businesses have ample time to transition while encouraging the adoption of automation tools to streamline certificate management.
Why Shorter Certificate Lifespans Matter
Shortening the lifespan of SSL/TLS certificates is not just about compliance—it’s about building a more secure and agile internet ecosystem. Here’s how this change benefits the digital landscape:
1. Enhanced Security
Shorter certificate lifespans significantly reduce the risk of private keys being compromised by limiting their exposure to potential threats. This minimizes vulnerabilities such as man-in-the-middle attacks and data breaches, ensuring stronger protection for sensitive information.
2. Encouraging Automation
Manually managing certificates with frequent renewals can be cumbersome and error-prone. By reducing certificate lifespans, the industry is driving organizations to adopt automated solutions for certificate issuance and management. Automation enables faster integration of emerging security capabilities, updates to cryptographic algorithms, and adherence to evolving best practices.
3. Preparing for Quantum Challenges
As quantum computing advances, traditional cryptographic methods may become obsolete. Shorter certificate lifespans foster crypto agility, enabling organizations to quickly adopt stronger algorithms and stay compliant with future security standards. This proactive approach ensures readiness for the quantum era.
Industry-Wide Support for the Change
“The industry’s unified support for reducing certificate lifespans to 47 days reflects a shared commitment to enhancing digital security and trust for all,” said Tim Callan, Chief Compliance Officer at Sectigo and Vice-Chair of the CA/Browser Forum. “This pivotal advancement underscores the importance of agility and proactive risk management in today’s threat landscape while preparing for the risks of the quantum era.”
At Sectigo, this initiative aligns with its long-standing advocacy for shorter certificate lifecycles. “At Sectigo, we have long advocated for shorter certificate lifecycles as a crucial step in bolstering internet security, which is why we endorsed this ballot from its inception,” said Kevin Weiss, CEO of Sectigo. “This collaborative effort showcases the industry’s unified commitment to enhance digital trust for all while empowering customers to prepare for a quantum future.”
Sectigo: Leading the Way in Automated Solutions
As a leader in digital trust solutions, Sectigo is fully equipped to support its customers and partners through this industry-wide shift. Its advanced Certificate Lifecycle Management (CLM) solutions, including the Sectigo Certificate Manager (SCM), provide a cloud-native platform that automates the entire SSL/TLS certificate lifecycle. For channel partners, Sectigo offers Certificate as a Service (CaaS), enabling them to future-proof their customers’ certificate needs under a single API.
While the enforcement of the new guidelines is still pending, organizations are encouraged to view this transition as an incremental step toward future-proofing their operations rather than an abrupt or radical change. “We believe it’s important for organizations to embrace this shift as part of their long-term strategy,” added Callan. “Sectigo’s automated solutions are designed to make this transition as smooth as possible, allowing businesses to focus on their core operations while maintaining robust digital security.”
The Role of the CA/Browser Forum
The CA/Browser Forum plays a critical role in shaping the future of public key infrastructure (PKI). As a voluntary consortium of certificate authorities (CAs), browser vendors, and major technology companies, the Forum establishes guidelines for public TLS, Code Signing, and S/MIME certificates. Regular updates to these guidelines ensure that the WebPKI remains resilient against emerging threats, incorporates new technologies, and improves process accuracy and reliability.
Sectigo currently holds five active chair positions within the CA/Browser Forum—the most of any member—demonstrating its leadership and commitment to advancing digital trust standards.
Preparing for a Secure Future
The decision to reduce SSL/TLS certificate lifespans to 47 days by 2029 marks a transformative moment for the digital security landscape. By enhancing security, encouraging automation, and preparing for quantum challenges, this initiative sets a new benchmark for protecting the internet’s ecosystem.
For organizations, the key takeaway is clear: embracing automation and adopting proactive strategies will be essential to navigating this transition successfully. With innovative solutions like those provided by Sectigo, businesses can seamlessly adapt to the changing requirements, ensuring they remain secure, compliant, and ready for the challenges of tomorrow.
About Sectigo
Sectigo is the most innovative provider of certificate lifecycle management (CLM), delivering comprehensive solutions that secure human and machine identities for the world’s largest brands. Sectigo’s automated, cloud-native CLM platform issues and manages digital certificates across all certificate authorities (CAs) to simplify and improve security protocols within the enterprise. Sectigo is one of the largest, longest standing, and most reputable CAs with more than 700,000 customers, six combined active seats in the CA/Browser Forum and ETSI, and two decades of delivering unparalleled digital trust. For more information, visit www.sectigo.com or follow us on LinkedIn.
