New SSL/TLS certs to each live no longer than 47 days by 2029
The CA/Browser Forum has decided that starting in 2029, the life span of SSL/TLS certificates will be limited to just 47 days. This drastic reduction aims to enhance security by ensuring that compromised certificates are only valid for a short period. As of now, certificates can last up to 398 days before they need renewal, but this will change over the next few years. The new schedule proposes intermediary limits of 200 days in 2026 and 100 days in 2027.
According to Tim Callan, a compliance officer at Sectigo, this move reflects a collective commitment to improving digital security. While this is good news for securing web communications, it raises concerns for IT administrators who face increased workloads with more frequent renewals.
Key Points
- Maximum lifespan of SSL/TLS certificates will be reduced to 47 days by March 2029.
- Current certificates can last up to 398 days before needing renewal.
- This change aims to limit the exploitation of stolen or compromised certificates.
- Intermediary renewal periods will be set at 200 days in 2026 and 100 days in 2027.
- All major tech companies, including Apple, Google, and Microsoft, support this initiative.
Why should I read this?
If you’re in the IT field, this is one change you won’t want to miss! The new rules about SSL/TLS certificates could mean more work for sysadmins like you as you’ll need to adapt to shorter renewal periods. It’s all about keeping our digital lives a bit safer, but it’s also going to require some changes to how you manage your certificates. Best to stay ahead of the curve and get clued up now!
“`