1. Automation Is Now Necessary for Certificate Lifecycle Management
The era of long-lived certificates is over. TLS certificate validity, which has been gradually decreasing to 47 days (including a recent drop to 200 days), is now prevalent across the industry. However, the conversation at RSAC 2026 shifted from timetables to how organizations can best prepare for shortened certificate lifetimes. The reduction aligns with modern zero-trust practices, improves compliance, and future-proofs systems against evolving threats, such as quantum computing, while also aligning with the Baseline Requirements set by the CA/B Forum.
Dustin Ward, SSL’s EVP of Technology, framed the operational stakes clearly: “Going from 398-day certs to 200, then 100, and eventually 47 is an 8x increase in rotation frequency. If your answer is still manual processes and loosely connected tooling, you’re already behind.”
For organizations still relying on calendar reminders and spreadsheets to track certificate expiration, manual methods aren’t scalable at 47-day intervals. Automation, multi-CA readiness, and a well-structured private PKI strategy aren’t optional add-ons anymore. They’re the foundation of staying operational when renewal cycles tighten.
2. Post-Quantum Cryptography (PQC) Is Closer Than You Think
For years, PQC has lived in the “important but not urgent” category for most enterprises. However, that position shifted notably at RSAC 2026. Ram Kishore, SSL’s Global Head of Solutions Architecture, summed it up: “The era of ‘we’ll deal with it later’ is over. Quantum threats aren’t theoretical problems for the future. Acting early means staying secure, nimble, and ahead of compliance and ecosystem changes.”
Fresh off the heels of RSAC 2026, Google Research published a new whitepaper showing that future quantum computers could break elliptic-curve cryptography with far fewer resources than previously estimated, prompting Google to formally set a 2029 migration target for its own systems.
“PQC readiness isn’t a research exercise. It’s a business continuity decision,” states Leo Grove, SSL’s President and CEO. “Organizations need a concrete migration plan today, not when the threat becomes visible.”
Whether Google’s 2029 timeline holds or the window descends sooner, the runway for a well-managed, disruption-free transition to post-quantum cryptography is getting shorter by the month.
3. Agentic AI Is Reshaping the Threat Landscape
If PQC was the most urgent topic at RSAC, agentic AI was the most omnipresent. Nearly every conversation touched on it, and the discussion had moved well past hypotheticals.
Daniel Rendon, SSL’s EVP of Strategic Partnerships and Business Development, described what he heard throughout the week: “Agentic AI is completely overhauling how businesses operate, with autonomous systems handling workflows at speeds and scales that human teams can’t match. But every agent acting on your behalf is also a potential attack vector.”
The implications for digital trust run deep. As AI agents proliferate across enterprise workflows, the ability to verify identity, authenticate content, and protect brand signals in email and digital media becomes critical infrastructure. Ram Kishore pointed toward a practical path forward: “As we think about agentic AI and third-party AI systems, identity becomes the answer. That’s where tools like C2PA and VMCs come into the conversation, connecting content protection and brand protection together.”
SSL is active on both fronts. As a publicly trusted CA and a C2PA trust list member, SSL issues C2PA-conformant certificates that bind verified identity metadata to digital content, making it tamper-evident and traceable. Additionally, SSL issues Verified Mark Certificates (VMCs), allowing organizations to display authenticated logos in email inboxes, enhancing brand trust when phishing and spoofing are prevalent.
Closing Thoughts from Leo Grove
For Grove, RSAC 2026 served a purpose beyond any single session or announcement. “We saw unprecedented levels of excitement surrounding the future of digital trust. The RSAC conference serves as a reminder to us all about upcoming changes, new challenges, and the vital actions that we must take to best serve our customers,” he said.
Grove also noted something for the broader CA community: Certificate authorities were underrepresented on the show floor. “Most of the larger presences came from organizations that touch PKI indirectly. Next year, I would love to see more CAs take advantage of the opportunity and engage with this much wider audience, thereby giving customers a chance to interface with us directly as well.”
Missed the SSL team’s full daily updates from the conference? Catch up on the full journal here.
Ready to prepare for shorter certificate lifecycles, multi-CA readiness, or your post-quantum migration path? Contact us today to schedule a personalized consultation. Our digital trust experts will review your current strategies, answer your questions, and help you build a tailored plan for your organization’s next steps.
