"This change is not simply a reduction in timeframes; it is a structural transformation in the way organizations must manage their digital identity. What was once manageable manually now requires full visibility, centralized inventory, and automation of the lifecycle," explains Néstor Markowicz, COO of CertiSur.
"Companies that don't anticipate this will face avoidable interruptions in their critical services," Markowicz adds.
What other changes are coming for websites
Beyond the current reduction in certificate validity, websites face even more demanding changes in the coming years.
The official schedule from the CA/Browser Forum establishes that, as of March 15, 2027, the maximum validity period of TLS/SSL certificates will drop to 100 days, and from March 15, 2029, it will drop to just 47 days.
The decision to set the limit at 47 days follows a specific calculation used in the industry: one month at its longest (31 days), plus half a month (15 days), plus one additional day of leeway.
From that year, the information used for domain validation may be reused for only 10 days. Although manual revalidation will still be possible, the industry warns that attempting it will practically guarantee failures and interruptions in digital services.
This shift responds to a demand from technology companies like Apple, backed by Google, which maintain that trust in certificate information decreases over time.
CertiSur recommends that organizations anticipate these changes by reviewing their management processes and advancing certificate automation.
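As a starting point for that kind of inventory review, the following added example (not from the article or from CertiSur) checks certificate records against the two milestones quoted above and flags lifetimes that will no longer fit. The hostnames and dates are constructed sample data in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and renewing once two thirds of the lifetime has elapsed is an assumed policy, not part of the schedule.

```python
import ssl
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
# Milestones quoted in the article: (effective date, maximum lifetime in days).
SCHEDULE = [(datetime(2027, 3, 15, tzinfo=UTC), 100),
            (datetime(2029, 3, 15, tzinfo=UTC), 47)]

def parse_cert_time(text):
    """Parse a getpeercert()-style timestamp such as 'Apr  1 00:00:00 2027 GMT'."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), tz=UTC)

def cap_at(issued):
    """Cap in force at issuance; None if issued before the first milestone above."""
    caps = [days for effective, days in SCHEDULE if issued >= effective]
    return caps[-1] if caps else None

def audit(cert, now, renew_fraction=2 / 3):
    """Classify one certificate. renew_fraction is an assumed renewal policy."""
    not_before = parse_cert_time(cert["notBefore"])
    not_after = parse_cert_time(cert["notAfter"])
    lifetime = not_after - not_before
    cap = cap_at(not_before)
    if now >= not_after:
        status = "expired"
    elif now >= not_before + lifetime * renew_fraction:
        status = "renew"
    else:
        status = "ok"
    return {
        "lifetime_days": lifetime.days,
        "cap_days": cap,
        "over_cap": cap is not None and lifetime > timedelta(days=cap),
        # Milestone caps this lifetime would not fit under if reissued unchanged.
        "too_long_for": [d for _, d in SCHEDULE if lifetime > timedelta(days=d)],
        "days_left": (not_after - now).days,
        "status": status,
    }

# Constructed inventory records in the shape returned by ssl.SSLSocket.getpeercert().
INVENTORY = {
    "legacy.example": {"notBefore": "Jan 10 00:00:00 2027 GMT", "notAfter": "Jul 29 00:00:00 2027 GMT"},
    "shop.example": {"notBefore": "Apr  1 00:00:00 2027 GMT", "notAfter": "Sep  1 00:00:00 2027 GMT"},
    "api.example": {"notBefore": "Apr  1 00:00:00 2029 GMT", "notAfter": "May 18 00:00:00 2029 GMT"},
}

if __name__ == "__main__":
    now = datetime(2027, 6, 1, tzinfo=UTC)  # fixed "today" so the output is reproducible
    for host, cert in INVENTORY.items():
        print(host, audit(cert, now))
```

The `too_long_for` field is the one to watch during planning: any certificate that lists a cap there is being issued on a cycle that will have to shorten before that milestone takes effect.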
What do these changes mean for users
For users, the transformation in managing internet security certificates will have direct effects on browsing experience and trust when accessing online services.
As the validity period of TLS/SSL certificates shortens, web pages will need to renew their credentials much more frequently, which increases the technological demands on administrators but, at the same time, strengthens protection mechanisms for those who browse.
This new model significantly shortens the window during which a compromised certificate can remain active, decreasing the chances of "man-in-the-middle" attacks or spoofing.
Users will see sites that are more resilient to vulnerabilities, as security information will be verified and updated almost in real time.
Furthermore, if a website fails to meet the new deadlines and its certificate expires, it is likely that the browser will block access and inform the user of a possible risk, increasing transparency about each site's security conditions.
On the other hand, the transition could cause temporary outages or more frequent warning messages on sites whose administrators fail to automate certificate renewal.
This could result in service interruptions, especially on platforms that still rely on manual processes. However, the industry anticipates that automation will become the standard, improving the stability and continuity of digital services.