Support
Loading...

SSL/TLS Certificate Lifespan Cuts: Countdown to 47-Day Validity by 2029

16 July 2025

The CA/Browser Forum has endorsed a significant enhancement to the SSL/TLS Baseline Requirements that will shorten certificate lifespans and restrict how long validation data can be reused. Rolling changes begin March 15, 2026, and will stretch until March 15, 2029, with the goal of ultimate validity periods being reduced to just 47 days.

This strategy aims to support more frequent certificate rotation and stronger security hygiene by imposing tighter controls. The timeline lays out gradual decreases to help everyone adjust without disruptions.

Certificate Validity Timeline

From now until March 15, 2026, SSL/TLS certificates remain valid for up to 398 days. As of March 15, 2026, the limit drops to 200 days. A further reduction comes on March 15, 2027, to 100 days. Finally, by March 15, 2029, the maximum validity will be only 47 days.

In parallel, the reuse window for Domain Control Validation (DCV) data tracks similarly: 398 days until March 2026, then 200 days, followed by 100 days, and ultimately just 10 days by 2029.

Additionally, for OV and EV certificates, Subject Identity Information (SII) reuse will fall to 398 days from 825 days starting in March 2026—a change that doesn’t apply to DV certificates.

Why These Shorter Lifespans Matter

By trimming certificate durations down to 47 days, the CA/Browser Forum addresses the fundamental weakness of outdated or compromised certificates lingering in circulation. Traditional revocation methods, such as CRLs or OCSP, often go unheeded by browsers, limiting their effectiveness.

The shorter validity periods ensure that certificates—and any outdated cryptographic mechanisms—are rapidly cycled. As Apple stated in its proposal, this change signals that automation for certificate renewal is no longer optional—it’s essential.

What It Means for Enterprises

Organizations managing large certificate portfolios will face growing pressure to refine their renewal workflows, revalidation strategies, and certificate lifecycle practices. As the reuse intervals shrink, manual processes risk becoming error-prone and unsustainable.

The move underscores the importance of automation tools like ACME or API-driven renewal systems. They’re no longer just convenient—they’re critical to prevent outages, reduce staffing burdens, and maintain compliance in this new environment.

Preparing for the Shift

This phased approach—from 398 days today to 47 days by March 15, 2029—is more than a policy update: it’s a structural shift requiring technical and operational readiness across the industry.

To stay secure and compliant, it's vital to adopt automated certificate lifecycle management solutions now, rather than later. Organizations that act early will be better equipped to handle the increasingly compressed renewal cycles and avoid service interruptions.

Make the Transition Seamless with NicNames.com

As certificate lifespans shrink and automation becomes mission-critical, choosing a trusted provider makes all the difference. At NicNames.com, you can register SSL/TLS certificates that meet the latest industry standards, with full support for automation tools and lifecycle integration.

Start simplifying your SSL management today — explore affordable options and get expert guidance at every step. Future-proof your website security with NicNames.com.

Share this article:
Ask Jexi