Industry to Shift to Shorter SSL/TLS Certificate Validity from 2026

Updated: 29 Dec 2025
Article #: 30


We are writing to share an important industry-wide update regarding SSL/TLS certificates that will begin taking effect in 2026.

These changes were recently approved by the CA/Browser Forum (the standards body for the digital certificate industry) and will apply to all public Certificate Authorities (CAs) and major browsers.

1. What is changing?

Starting 15 March 2026, the maximum validity period for newly issued public SSL/TLS certificates will be reduced in phases:

  • From 15 March 2026: Max validity reduces to 200 days (~6 months).
  • From 15 March 2027: Max validity reduces to 100 days (~3 months).
  • From 15 March 2029: Max validity reduces to 47 days (~1.5 months).

Important Note on Purchasing: Your purchasing and billing process remains the same. Certificates will continue to be sold as annual (or multi-year) subscriptions. You will simply need to re-issue the certificate more frequently within that paid coverage period to comply with the new industry limits.

2. Why are these changes happening?

The industry is moving toward shorter certificate lifespans for several security and operational reasons:

  • Data Freshness: Shorter lifespans ensure that domain ownership and organization identity are verified more frequently.
  • Key Rotation: Regular re-issuance encourages more frequent rotation of private keys, reducing the window of exposure if a key is ever compromised.
  • Agility: Shorter-lived certificates allow the industry to transition more quickly to newer security standards or algorithms when needed.
  • Outage Prevention: These changes are designed to encourage the adoption of automation, which helps eliminate manual errors and unplanned outages due to expirations.

3. What this means for you

Operationally, you will need to perform Domain Control Validation (DCV) and re-install your certificates more often:

  • More Frequent Re-issuance: Instead of once a year, you will eventually re-issue certificates multiple times per year within your existing subscription.
  • DCV Re-validation: The allowed reuse period for DCV evidence will also shrink (eventually to 47 days by 2029), meaning domain validation will need to be refreshed more regularly.
  • OV/EV Reuse: For Organization and Extended Validation, identity data reuse will be capped at 398 days starting in March 2026.

4. How we will assist

We are committed to helping you navigate these transitions smoothly:

  • Continued Annual Billing: We will continue to support your current annual PO and credit procurement process so there is no disruption to your budget cycles.
  • Timely Notifications: We will provide clear updates and reminders as the 2026 deadline approaches to ensure you are aware of upcoming re-issuance requirements.
  • Technical Guidance: We will share updated documentation and industry best practices to help your team manage the more frequent DCV and installation workflows.
  • Automation Insights: We are currently evaluating various automation approaches and will share our findings to help you streamline these processes in the future.

No immediate action is required at this time. We will continue to share more information as we get closer to the effective dates.

Please let us know if you have any questions regarding how these timelines might affect your current certificate inventory.






Rate this Topic:
Rating: 0.00 / Votes: 0