SSL certificates are changing – here’s what it means for you

SSL/TLS certificates are generally unsung heroes of IT, quietly going about their business of encrypting data, protecting users and ensuring that websites and applications are trusted. But a major industry shift in how long they remain valid is about to begin.

At present, public SSL/TLS certificates can be issued for a maximum of 398 days, or just over 13 months. For many organisations, these annual or near-annual renewal processes have been easy enough to handle manually. However, that approach is about to become much harder to sustain.

What’s changing and when

The maximum lifespan of SSL certificates will be reduced in stages over the next few years, with each step making validity periods shorter and an eventual target of 47 days by March 2029. Here’s the timeline you need to be aware of:

  • 15th March 2026: The maximum validity of newly issued public certificates is reduced from 398 days to a maximum of 200 days.
  • 15th March 2027: The maximum lifespan of newly issued public certificates is lowered from 200 to 100 days.
  • 15th March 2029: It is expected that the lifespan of newly issued certificates will be reduced again to a maximum of 47 days.

These changes are being phased in over a three-year period to avoid foisting any sudden transitions on users and make the process more manageable. Nevertheless, certificates that once lasted for more than a year will soon need to be renewed several times annually.

Why the industry is making this change

Security is the major consideration behind the move to shorter SSL/TLS certificate lifespans. Shorter validity periods limit the window in which attackers can exploit a compromised or mis-issued certificate, or one that uses cryptography that later becomes vulnerable.

In addition, shorter lifespans are intended to foster better hygiene when it comes to certificate management. This nudges organisations to adopt more modern approaches, such as automated issuance and renewal, instead of relying on long-lived certificates that can go unchanged for months.

What this means for your business

The most significant implications for organisations concern how the shift to shorter validity periods is handled. More frequent renewals mean a higher likelihood of expired certificates. This can lead to broken websites, service outages and failed integrations, all of which erode customer trust as a knock-on effect. Even short disruptions can have real financial and reputational effects.

Currently, a lot of businesses track certificates in spreadsheets or rely on calendar reminders. With more frequent renewals, this kind of approach is unlikely to remain viable. Consistency, visibility and good governance around certificates will all become increasingly important.

Prepare now to avoid disruption later

While the final target of a 47-day validity period remains several years away, the first reduction in certificate lifespans will come this March. This is why now is the right time to review how your organisation manages SSL certificates, identify manual processes where they exist, and consider whether they’ll still be fit for purpose as lifespans grow shorter.

Automation will be critical to reducing risk and ensuring reliability. Manually tracking expiry dates and renewing certificates will quickly become unworkable when several renewals are required per year. Automated certificate management ensures certificates are issued and renewed on time, reducing the risk of expired certificates causing outages while also enhancing security.
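As an added example (not code from the original article), the following Python script turns the phased timeline above into a small certificate-inventory audit: it works out which cap applies on a given issuance date, how many renewals a year that implies, and which records in an inventory are expired, due for renewal or longer-lived than the cap in force. The hostnames, dates and the renew-at-one-third rule are constructed assumptions for the demo, not taken from the article.

```python
from datetime import date
from math import ceil

# Phased caps on the validity of newly issued public TLS certificates,
# taken from the article's timeline (latest phase first); 398 days applies before.
LIFESPAN_PHASES = [(date(2029, 3, 15), 47), (date(2027, 3, 15), 100), (date(2026, 3, 15), 200)]
CURRENT_CAP_DAYS = 398

# Assumption (not from the article): queue a renewal once a third of the lifetime is left.
RENEW_FRACTION = 1 / 3

def max_validity_days(issued: date) -> int:
    """Maximum lifetime in days for a public certificate issued on `issued`."""
    for phase_start, cap in LIFESPAN_PHASES:
        if issued >= phase_start:
            return cap
    return CURRENT_CAP_DAYS

def min_renewals_per_year(cap_days: int) -> int:
    """Fewest renewals per year that keep a host continuously covered."""
    return ceil(365 / cap_days)

def audit(inventory, today: date) -> dict:
    """Classify (name, not_before, not_after) records for the renewal queue."""
    report = {}
    for name, not_before, not_after in inventory:
        lifetime = (not_after - not_before).days
        remaining = (not_after - today).days
        if remaining < 0:
            status = "expired"
        elif remaining < lifetime * RENEW_FRACTION:
            status = "renew_now"
        else:
            status = "ok"
        # A lifetime above the cap in force at issuance means the inventory
        # record is wrong or the cert is not from a public CA: investigate it.
        report[name] = {"status": status, "days_left": remaining,
                        "exceeds_cap": lifetime > max_validity_days(not_before)}
    return report

# Constructed sample inventory: hostnames and dates are made up for the demo.
SAMPLE_INVENTORY = [
    ("www.example.com", date(2025, 6, 1), date(2026, 7, 4)),      # 398-day cert
    ("api.example.com", date(2026, 4, 1), date(2026, 10, 18)),    # 200-day cert
    ("legacy.example.com", date(2026, 4, 1), date(2027, 5, 4)),   # 398 days, issued after the cut-over
]

if __name__ == "__main__":
    for name, info in audit(SAMPLE_INVENTORY, date(2026, 9, 1)).items():
        print(f"{name:20} {info['status']:10} {info['days_left']:4d} days left", "CAP EXCEEDED" if info["exceeds_cap"] else "")
```

Run as written it reports the 398-day certificate as expired, the 200-day one as due for renewal with 47 days left, and the post-cut-over 398-day record as exceeding the cap; feed it your real inventory to see how much of it the next phase invalidates.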