SSL / TLS April 18, 2023

The Future of SSL: The Imminent Challenge and How to Prepare for the Future

The new paradigm that changes certificate validity periods challenges companies to adopt more agile technologies. In the era of digital risk, trust is not static: it is built, renewed, and above all, automated.

In 2023, an expired digital certificate caused a significant service outage in the Starlink satellite constellation, operated by SpaceX. The same thing happened in March of this year with Google's Chromecast services. Managing these certificates, which secure the exchange of information over public networks through encrypted communications, is becoming a complex and critical issue, and it will become much more so in the coming years because of new regulations and shorter validity periods.

That is why the recent decision of the CA/Browser Forum marks a before and after in the history of the internet trust ecosystem. By an overwhelming majority, browsers and certificate authorities agreed to progressively reduce the maximum validity of SSL/TLS certificates until it reaches just 47 days in 2029. The CA/Browser Forum is an organization that brings together certificate authorities and Internet browser providers such as Google, Mozilla and Microsoft, and major technology companies like Apple. Created in 2005, the forum is responsible for establishing the standards that regulate digital certificates installed on servers, and it also controls (with great rigor) compliance with them.

The process began slowly, with a gradual reduction of certificate validity: a 5-year term in the early days, then 3, then 2, and since 2020 a maximum of 1 year. This evolution was driven by security incidents, breaches at Certificate Authorities and the need to prevent a compromised certificate from remaining active for too long. The logic is clear: shorter-lived certificates mean a smaller window of exposure if a key is compromised. But this new jump is of unprecedented magnitude and establishes a schedule in three phases:
  • March 2026: maximum validity of 200 days.
  • March 2027: reduced to 100 days.
  • March 2029: the limit will be only 47 days.

What do these new deadlines imply? They represent a structural change in the way organizations manage their digital trust infrastructure, and the main consequence is clear: it will no longer be viable to keep renewing certificates manually, because with dozens or hundreds of certificates in an organization, such short validity cycles will make traditional management unfeasible.

The only way to adapt is to automate the certificate lifecycle: issuance, renewal, deployment and monitoring. To do that, companies must review their internal policies, audit their certificate inventory and adopt tools that allow these tasks to be automated safely and reliably.

In this context, having a trustworthy technology partner with solid experience in similar implementations is key to ensuring project success. Choosing a strategic partner that understands the complexity of the PKI ecosystem, has robust discovery and automation solutions, and can support integration with the organization's internal systems can make the difference between an orderly transition and a scenario full of operational risks.

Ignoring this change is not an option. An expired certificate results in the failure of critical services, operational interruptions, loss of reputation and possible regulatory sanctions in sensitive sectors such as finance or healthcare.
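
To put numbers on the three-phase schedule above, this added example (not part of the original article) projects how many renewals per year a small, constructed certificate inventory generates as the caps take effect. Its assumptions: each phase starts on the 15th of March (the article gives only the month), a 398-day cap applies before the first phase, certificates are replaced once two thirds of their lifetime has elapsed, and the hostnames are made up.

```python
from collections import Counter
from datetime import date, timedelta

# Phase start dates and caps from the article's schedule. The article gives
# only the month; the 15th is an assumption made for this example.
PHASES = [(date(2026, 3, 15), 200), (date(2027, 3, 15), 100), (date(2029, 3, 15), 47)]
CAP_BEFORE_PHASES = 398  # assumed: the roughly one-year limit in force since 2020

def max_validity_days(issued_on):
    """Longest lifetime allowed for a certificate issued on this date."""
    cap = CAP_BEFORE_PHASES
    for starts, days in PHASES:
        if issued_on >= starts:
            cap = days
    return cap

def project_renewals(inventory, until):
    """Count renewal events per calendar year across the inventory.

    Assumed policy: replace a certificate once two thirds of its lifetime has
    elapsed, and issue the replacement for the full cap allowed on that day.
    """
    per_year = Counter()
    for _name, not_before, not_after in inventory:
        lifetime = (not_after - not_before).days
        renew_on = not_before + timedelta(days=lifetime * 2 // 3)
        while renew_on <= until:
            per_year[renew_on.year] += 1
            lifetime = max_validity_days(renew_on)
            renew_on += timedelta(days=lifetime * 2 // 3)
    return per_year

# Constructed inventory: (hostname, notBefore, notAfter); names are made up.
INVENTORY = [
    ("www.example.test", date(2025, 6, 1), date(2026, 6, 1)),
    ("api.example.test", date(2025, 11, 10), date(2026, 11, 10)),
    ("mail.example.test", date(2026, 1, 20), date(2027, 1, 20)),
]

if __name__ == "__main__":
    totals = project_renewals(INVENTORY, until=date(2030, 12, 31))
    for year in sorted(totals):
        print(year, totals[year], "renewals for", len(INVENTORY), "certificates")
```

Under these assumptions a single certificate goes from 2 renewals in 2026 to 12 in 2030, so the per-year totals scale directly with inventory size.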