Opinion note by Néstor Markowicz, COO of CertiSur.
How did we get here?
The history of digital certificates is marked by a constant tension between security and operability. For years, the maximum validity of certificates has been decreasing: from 5 years in the early days, to 3, then 2, and since 2020, a maximum of 1 year. This evolution was driven by security incidents, breaches at Certificate Authorities, and the need to prevent a compromised certificate from remaining active for too long.
Browsers, led by Apple, Google, and Mozilla, have been driving these changes with the objective of strengthening ecosystem security. The logic is clear: shorter-lived certificates mean a smaller window of exposure if a key is compromised.
But this new leap is of unprecedented magnitude.
The new timeline
The decision establishes a reduction in three stages:
- March 2026: maximum validity of 200 days.
- March 2027: reduced to 100 days.
- March 2029: the limit will be just 47 days.
This represents a structural change in how organizations manage their digital trust infrastructure.
What does this mean for businesses?
The main consequence is clear: it will no longer be viable to continue renewing certificates manually. With dozens or hundreds of certificates in an organization, such short validity cycles will make traditional management unfeasible.
The only way to adapt is through the automation of the certificate lifecycle: issuance, renewal, deployment, and monitoring. Companies must review their internal policies, audit their certificate inventory, and adopt tools that allow them to automate these tasks securely and reliably.
In this context, having a reliable technology partner with solid experience in similar implementations is key to ensuring the success of the project. Choosing a strategic partner that understands the complexity of the PKI ecosystem, that has robust discovery and automation solutions, and that can support the integration with the organization's internal systems can make the difference between an orderly transition and a scenario full of operational risks.
Ignoring this change is not an option. An expired certificate means the failure of critical services, operational interruptions, loss of reputation, and possible regulatory sanctions in sensitive sectors such as finance or healthcare.
A necessary (and possible) change
Although the change may seem disruptive, it is also an opportunity to modernize digital identity management within organizations. The good news is that solutions exist, in both the public and private sectors, that let you get ahead of these changes.
The first step is to get informed, the second is to diagnose, and the third is to automate.
This new paradigm challenges us to improve our processes and adopt more agile technologies. In the era of digital risk, trust is not static: it is built, renewed and, above all, automated.
You can read a note on this topic on the DigiCert blog.