CA/Browser Forum Approves Historic 47-Day SSL Certificate Limit, Backed by Sectigo
The CA/Browser Forum has passed a significant ballot to reduce SSL/TLS certificate validity periods to a maximum of 47 days by 2029. This change, initially proposed by Apple and endorsed by Sectigo, will be implemented through a phased approach to enhance online security and prepare for quantum computing challenges.
Phased Implementation Timeline:
- March 15, 2026: Maximum 200 days validity (6-month renewal)
- March 15, 2027: Maximum 100 days validity (3-month renewal)
- March 15, 2029: Maximum 47 days validity (1-month renewal)
Key Benefits of Shorter Certificate Lifecycles:
- Enhanced Security
- Reduced exposure time of private keys
- Lower risk of man-in-the-middle attacks
- Decreased vulnerability to data breaches
- Automation Advancement
- Encourages automated certificate management
- Reduces manual, error-prone processes
- Enables faster adoption of security updates
- Quantum Computing Preparation
- Promotes crypto agility
- Facilitates quick algorithm updates
- Ensures compliance with evolving standards
The Domain Control Validation (DCV) reuse periods will also be adjusted accordingly, with the final phase reducing it to 10 days by March 2029.
This industry-wide change reflects a unified commitment to strengthening digital security and represents a significant step toward future-proofing internet infrastructure. Organizations are advised to prepare for this transition by implementing automated certificate management solutions and updating their security protocols accordingly.
The CA/Browser Forum, comprising certificate authorities, browser vendors, and major technology companies, regularly updates guidelines to maintain robust security standards and address emerging threats in the WebPKI ecosystem.