The CA/Browser Forum, a central body representing web browser developers, security certificate issuers, and others, has voted to shorten the lifespan of SSL/TLS certificates. From March 15, 2029, they will be valid for no more than 47 days, The Register reports. Today, certificates that underlie, for example, HTTPS are valid for up to 398 days before they need to be renewed.
The vote on the certificate expiration dates took place over the weekend, with 25 members voting in favor and Entrust, IdenTrust, Japan Registry Services, SECOM Trust Systems, and TWCA abstaining. Apple, Google, Microsoft, and Mozilla voted unanimously in favor of the proposal. According to a CA/B Forum spokesperson, the unanimity demonstrates the industry’s desire to strengthen digital security for all. Among other things, it is expected to help prepare for the risks of the “quantum computing era.”
Image source: Greg Martínez/unsplash.com
Thus, from March 15, 2026, all new certificates will be valid for 200 days, including Domain Control Validation (DCV). From March 15, 2027, the validity period will be reduced to 100 days. Finally, from March 15, 2029, new SSL/TLS certificates will be valid for 47 days, and DCV – only 10 days. It is noteworthy that since January 2020, Apple has already refused to accept TLS certificates with a validity period of more than 398 days (13 months).
Gradually tightening requirements are expected to help companies adapt to the changes. System administrators will likely have to switch to automated systems for working with SSL/TLS certificates in the near future.