Sectigo Endorses Major Browser’s Groundbreaking Ballot to Reduce Public SSL/TLS Certificate Lifecycles to 47 Days by 2028

Shortened certificate lifecycles demand massive operational overhaul for enterprises relying on manual processes

Sectigo, a global leader in digital certificates and automated Certificate Lifecycle Management (CLM), today announced it has endorsed a ballot submission to the CA/Browser Forum that proposes a significant reduction to public SSL/TLS certificate lifecycles. The ballot, spearheaded by Apple, seeks to reduce the maximum certificate lifecycle from the current 398 days to 47 days by 2028, representing a major potential shift in digital certificate management.

In recent years, Apple and other major web browsers have been advocating for shorter public certificate lifecycles. Shortening certificate lifespans brings a cluster of important benefits to the WebPKI, including increased security, better crypto agility, and closer alignment of certificate ownership to domain control. For these reasons and more, certificate validity periods have gradually decreased from several years to the current 398-day maximum. These ongoing changes are expected to promote faster adoption of security updates and improve overall crypto agility. Further, the automation required to manage these shorter certificates lifespans better positions organizations to prepare for impending transitions to postquantum cryptography (PQC) by enabling them to respond more quickly to evolving cryptographic standards and potential quantum threats.

"As the industry moves towards shorter public certificate lifecycles, including Apple's proposal to step down to 47-day maximum TLS term, we at Sectigo recognize both the security benefits and operational challenges this transition presents," said Tim Callan, chief compliance officer at Sectigo and vice-chair of the CA/Browser Forum. "These changes are crucial for enhancing security, but they also demand a shift towards automated certificate lifecycle management. Organizations must embrace automated solutions to ensure seamless renewals and avoid potential service disruptions. We are committed to supporting businesses through this critical industry shift."

Key Implications for Enterprises

While the proposed updates aim to bolster security, they necessitate noteworthy adjustments in digital certificate management. The shift to shorter validity periods increases certificate renewal frequencies, posing substantial operational challenges for businesses, especially those relying on manual processes. To mitigate the risk of missed renewals, potential system outages, and compliance breaches, organizations must adopt automated certificate lifecycle management solutions, especially those that leverage the ACME (Automated Certificate Management Environment) protocol. This transition will also require businesses to adjust their financial and strategic planning, potentially embracing new subscription models from certificate providers that align with these shorter certificate lifecycles.

Apple’s Proposed Phased Approach

Rather than immediately shifting to 47-day lifespans, Apple would follow a phased approach, with lifespans shrinking at a slower and steadier pace each year. This gradual approach by Apple not only demonstrates a thoughtful strategy for implementing considerable change, driving to the end goal, but allows organizations time to adapt their infrastructure and processes. The proposed timeline provides businesses with a structured pathway to update their certificate management systems, implement automated renewal processes, and minimize potential disruptions.

To learn more about shorter certificates and how you can prepare your business, please visit https://www.sectigo.com/47-day-ssl

About Sectigo

Sectigo is the industry’s most innovative provider of comprehensive certificate lifecycle management (CLM), with automated solutions and digital certificates that secure every human and machine identity for the world’s largest brands. Its automated, cloud-native, universal CLM platform issues and manages digital certificates provided by all trusted certificate authorities (CAs) to simplify and improve security protocols across the enterprise. Sectigo is one of the longest-standing and largest CAs with more than 700,000 customers and two decades of delivering unparalleled digital trust. For more information, visit www.sectigo.com or follow us on LinkedIn.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250130941852/en/