SoylentNews is people

CA/Browser Forum votes to reduce the maximum validity term of SSL/TLS certs to 47 days by 2029

Accepted submission by aliks at 2025-04-20 07:39:07 from the Infosec dept.
Security

The stated aim is to promote better security by encouraging automation of certificate renewal, and this is the narrative promoted by vendors who will coincidentally benefit mightily from increased certificate and services sales.

The story was picked up by most of the usual tech channels such as Computerworld

https://www.computerworld.com/article/3960658/vendors-vote-to-radically-slash-website-certificate-duration.html [computerworld.com]

who have a decent summary of the likely consequences, but here is an excerpt from the press release of one vendor: Sectigo

https://www.sectigo.com/resource-library/sectigo-cab-reduce-ssl-tls-certificates-lifespan-47-days [sectigo.com]

Scottsdale, AZ — April 14, 2025 — Sectigo, a global leader in digital certificates and automated Certificate Lifecycle Management (CLM), today announced that the CA/Browser (CA/B) Forum ballot it endorsed to reduce the maximum validity term of SSL/TLS certificates to 47 days by 2029 has passed. This groundbreaking move to shorten digital certificate lifespans seeks to enhance online security, drive automation in certificate management, and ready systems for quantum computing challenges by improving crypto agility.

The newly approved measure, initially proposed by Apple and endorsed by Sectigo in January 2025, will gradually reduce certificate lifespans from the current 398 days to 47 days through a phased approach:

        March 15, 2026: Maximum TLS certificate lifespan shrinks to 200 days. This accommodates a six-month renewal cadence. The Domain Control Validation (DCV) reuse period reduces to 200 days.
        March 15, 2027: Maximum TLS certificate lifespan shrinks to 100 days. This accommodates a three-month renewal cadence. The DCV reuse period reduces to 100 days.
        March 15, 2029: Maximum TLS certificate lifespan shrinks to 47 days. This accommodates a one-month renewal cadence. The DCV reuse period reduces to 10 days.

“At Sectigo we have long advocated for shorter certificate lifecycles as a crucial step in bolstering internet security, which is why we endorsed this ballot from its inception,” said Kevin Weiss, chief executive officer at Sectigo. “This collaborative initiative passed by the CA/Browser Forum not only showcases the industry’s unified commitment to enhance digital trust for all but also empowers customers to be at the leading edge of preparing for a quantum future.”

