Starting March 2029, public SSL/TLS certificates will have a maximum validity of just 47 days, as decided by the CA/Browser Forum, which includes tech giants like Apple, Google, Mozilla, Microsoft, and certificate authorities such as DigiCert and GlobalSign. This shift will roll out gradually: 200 days in 2026, 100 days in 2027, and finally 47 days in 2029. Spearheaded by Apple and backed by companies like Sectigo and Google, the change aims to boost web security by minimizing the exposure time of compromised or misconfigured certificates while encouraging automated certificate management practices.
For developers and infrastructure teams, this is a game-changer. Manually renewing certificates every 47 days is a logistical nightmare, making automation tools like the ACME protocol and Certificate Lifecycle Management (CLM) platforms essential. Integrating certificate management into CI/CD pipelines will help prevent downtime from expired certificates. Additionally, the domain control validation (DCV) reuse period will drop to 10 days, demanding even tighter automation.
Proactively adopting these solutions now will not only ensure compliance but also prepare businesses for future security challenges, such as post-quantum cryptography. Stay ahead by automating your SSL/TLS certificate workflows today.
