Every SSL/TLS certificate has a defined lifespan. Website owners for years have enjoyed the convenience of multi-year certificates, often lasting up to five years. That changed in 2020 when the Certificate Authority Browser (CA/B) Forum set the global rules for digital certificates, capped SSL validity to 398 days, roughly 13 months. The change wasn’t arbitrary but reflected the industry’s growing need for stronger, shorter-lived certificates that reduce the window of exposure if a private key is ever compromised. But the tightening doesn’t stop there. A new proposal, Ballot SC-81v3, is set to reduce SSL validity even further to just 47 days by 2029. If that sounds extreme, it’s because the web is moving toward continuous trust validation where certificates refresh almost as frequently as passwords. What this means for organizations is significant and manual certificate renewal including the process of logging into a Certificate Authority’s dashboard, reissuing a cert, and reconfiguring servers will no longer be practical at such short intervals. It is a clear sign that the industry now expects enterprises to lead with automation while managing their certificate lifecycles. But before diving into that it’s worth looking at what actually happens when an SSL certificate slips past its […]
