TLS Certificate Lifetimes Will Officially Reduce to 47 Days
a year ago
- #TLS certificates
- #automation
- #CA/Browser Forum
- CA/Browser Forum voted to shorten TLS certificate lifetimes and reuse of CA-validated info.
- First impacts start in March 2026, with certificate validity reduced to 47 days.
- Domain/IP validation reuse period drops to 398 days from 825 for OV/EV certificates.
- Shorter lifetimes aim to improve trustworthiness by frequent revalidation.
- Revocation systems (CRLs, OCSP) deemed unreliable; short-lived certificates (7 days) don't require them.
- Automation is essential; costs won't increase as replacements are covered by annual subscriptions.
- DigiCert offers automation solutions like Trust Lifecycle Manager and CertCentral with ACME support.