CertiSur
Control Panel
SSL / TLS March 27, 2026

TLS/SSL Certificates: Certificate Validity Period Reduction Accelerates Automation from 2026

The new CA/Browser Forum schedule reduces the lifespan of web certificates to 47 days in 2029 and shortens domain and organization validations, a change that requires reviewing internal processes to avoid digital service outages and reconfigures digital identity management in enterprises.

Certificados TLS/SSL: el recorte de vigencia acelera la automatización desde 2026

The CA/Browser Forum approved a schedule that will drastically reduce the validity period of TLS/SSL security certificates, the mechanism that enables encrypting communications and authenticating websites. The change will shift renewal cycles from an annual scheme toward increasingly shorter periods, with a final target of 47 days in 2029.

The first stage activated on February 24, 2026. From that date, certificate authorities limited the maximum validity of new certificates to 199 days, replacing the current cap of 397 days. Additionally, as of March 15, 2026, a maximum lifespan of 200 days will be formally established across the industry.

The reduction also affects associated validations. Organization validations (OV) will decrease from 825 to 397 days. Meanwhile, the reuse of domain validation information is restricted to a maximum of 199 or 200 days, depending on the platform.

Néstor Markowicz, COO of CertiSur, stated that the modification goes beyond a schedule adjustment and requires changing the operational management of certificates. "This change is not simply a reduction in timeframes; it is a structural transformation in the way organizations must manage their digital identity," said Markowicz, COO of CertiSur.

The official calendar anticipates further reductions. As of March 15, 2027, the maximum lifespan will drop to 100 days. Then, from March 15, 2029, it will be reduced to 47 days. This figure responds to a technical calculation by the sector: a maximum of 31 days, plus half a month (15 days) and one day of margin. For 2029, domain validation information will only be reusable for 10 days.

The measure was driven by Apple, with immediate backing from Google. The central argument maintains that information contained in certificates becomes less reliable over time, so frequent revalidation mitigates risk. It also points to limitations of the current certificate revocation system, based on protocols such as CRL and OCSP, which "has proven to be unreliable and is often ignored by browsers." In that scenario, manual management loses room to maneuver. "The conversation is no longer about certificate cost, but about operational risk," said Markowicz.

Source: Market

← Back to news