The CA/B Forum has voted to slash the maximum lifespan of security certificates to just 47 days.
That’s according to journalist Iain Thomson, writing for The Register, a leading global IT news provider.
Under the new schedule, security certificates will be valid for a maximum of 200 days from next March. The maximum lifespan will shrink again to 100 days from March 2027.
Consequently, by 15 March 2029, IT teams will have to refresh their SSL/TLS certificates roughly every five weeks (47 days).
Previously, security certificates lasted for up to 398 days before new certificates were required.
Security certificates support HTTPS connections between browsers and websites.
Last year, Apple proposed cutting the maximum time between renewals. Shorter renewal times could reduce the risks of certificate abuse.
“Certificate consumers – Apple, Google, Microsoft, and Mozilla – voted unanimously in favour of the proposal.”
Entrust, IdenTrust, Japan Registry Services, SECOM Trust Systems, and TWCA abstained. While certification is available for free, some issuers charge for renewals, Thomson wrote.
Issuer Sectigo delivers management for security certificates
Tim Callan, chief compliance officer at Sectigo and vice-chair of the CA/B Forum, said shorter validity would enhance digital security and trust.
“This underscores the importance of agility and proactive risk management in today’s threat landscape while preparing for the risks of the quantum era,” he was quoted as saying.
Sectigo issues digital certificates.
It is also a vendor of cloud-native platforms such as SCM Enterprise, which offer visibility of digital certificates across multiple vendors and automated certificate lifecycle management.