Preparing for 47-Day SSL/TLS Certificates: What You Need to Know

The CA/Browser Forum has officially approved a phased reduction in SSL/TLS certificate lifespans, aiming for a maximum validity of just 47 days by 2029. The decision was made in April 2025, when the CA/Browser Forum approved Ballot SC-081v3, originally proposed by Apple. The ballot received 29 votes in favor and none opposed, signaling a strong consensus among certificate authorities and browser vendors for the new policy.

Phased Reduction Timeline

• March 15, 2026:
  • Maximum certificate lifespan: 200 days
  • Domain validation reuse: 200 days (down from 398 days)
  • OV/EV validation reuse (SII): 398 days (down from 825 days)
• March 15, 2027:
  
  • Maximum certificate lifespan: 100 days
  • Domain validation reuse: 100 days
• March 15, 2029:
  • Maximum certificate lifespan: 47 days
  • Domain validation reuse: 10 days

The Reason Behind the Change

Shortening certificate lifespans is intended to reduce the security risks associated with long-lived certificates. Certificates valid for extended periods may rely on outdated information, use deprecated cryptographic algorithms, or remain active even after private keys have been compromised. By reducing lifespans, the industry encourages faster adoption of updated security standards and minimizes the window of vulnerability.

Benefits of Shorter Lifespans

1. Enhanced Security: More frequent encryption key rotation limits exposure to compromised certificates
2. Reduced Vulnerability Window: Less time for attackers to exploit compromised certificates
3. Improved Agility: Faster adoption of new security standards
4. Simplified Revocation: Less reliance on complex revocation processes

Challenges and the Automation Imperative

The parallel reductions in both certificate lifespans and validation reuse periods create compounded operational demands:

• Teams must now manage both more frequent renewals and increased validation workloads
• Manual processes become impractical at scale due to intersecting deadlines
• Error margins shrink with tighter validation windows

These challenges underscore the critical need for certificate automation.

SSL.com’s Automation Solutions

To address these challenges, SSL.com offers robust automation tools:

1. ACME Protocol Support: A certificate lifecycle protocol for streamlined and automated certificate issuance and renewal.
2. Comprehensive API: Ready-made integration solutions that can manage certificate lifecycles through:
   • RESTful endpoints
   • CI/CD platform integrations (GitHub Actions, Azure DevOps, Jenkins)
   • Hardware Security Module (HSM) integrations

Preparing for the Future

1. Assess Your Current State: Evaluate existing certificate management practices
2. Implement Automation: Utilize SSL.com’s ACME support and API for efficient certificate lifecycle management
3. Educate Your Team: Ensure your IT staff understands best practices for automated certificate management
4. Stay Informed: Keep up with industry changes and adapt proactively

Conclusion

The move to 47-day SSL/TLS certificates boosts security via frequent validation updates but demands automation for efficiency. SSL.com’s solutions (ACME, APIs, cloud HSM) simplify compliance, turning mandates into strategic upgrades while ensuring long-term resilience.

Contact our team about SSL.com’s Certificate Management Solutions