SSL / TLS February 25, 2026

The new TLS certificate model and the need for automation in enterprises

The industry-approved timeline drastically reduces certificate validity—from 397 days to 200 in 2026 and 47 in 2029—and also shortens validations, forcing companies to move from sporadic renewals to continuous management, with greater operational complexity and need for automation.


Within the framework of Segurinfo Iberoamerican 2026, held at the Sheraton Buenos Aires Hotel & Convention Center, CertiSur gave the presentation "47 days. TLS/SSL in sprint mode. Teams on autopilot", focused on one of the most relevant changes facing digital security today: the drastic reduction in the lifespan of certificates.

The transition already has concrete dates. Starting from February 24, 2026, certificate authorities limited the validity of new certificates to 199 days, replacing the current limit of 397. Then, from March 15, 2026, a maximum useful life of 200 days was formally established for the entire industry.

But that's just the beginning. The timeline continues with a reduction to 100 days in 2027 and, finally, to 47 days in 2029, which completely redefines the way companies manage their digital infrastructure.

Crypto-agility is consolidating as a key approach for quickly adapting certificates and algorithms to new security standards.

It's not just validity: validations are changing too

The impact is not limited to the certificate itself. The associated validation times are also reduced.

Organization (OV) validations will drop from 825 to 397 days, while domain validation reuse will be limited to 199 or 200 days in 2026 and barely 10 days in 2029.

This means that processes that today can reuse information over long periods will need to be executed much more frequently, increasing operational complexity.

Why 47 days

The ultimate goal of 47 days is not arbitrary. It responds to a technical calculation by the sector: one month (31 days), an additional half month (15 days), and one extra day of operational margin.

However, the real change is not in the number, but in its consequences. With such short cycles, manual management is no longer viable.

During the talk, Néstor Masnatta, CertiSur Project Manager, was emphatic on this matter: "When certificates start to have increasingly shorter durations, the operational effort grows to a point where it is no longer possible to sustain it manually. With 47 days, it is simply out of range."

The change responds to a concrete concern in the industry. The information contained in certificates loses reliability over time, and current revocation mechanisms—such as CRL and OCSP—have proven to be ineffective or directly ignored by browsers.

Reducing the useful life makes it possible to mitigate the impact of compromised keys and accelerate the adoption of new cryptographic standards.

But that benefit has a cost: it forces a change in how certificates are operated.

Masnatta explained it in practical terms: "We need to start acting as a company to automate the certificate lifecycle, because if we don't, every renewal becomes an operational burden that scales and ends up generating errors or outages".

New approaches for adapting to changes in cryptographic standards.

The first problem: not knowing what certificates exist

One of the most relevant points of the talk was that many organizations don't even have complete visibility of their certificates.

Before thinking about automation, the first step is discovery: "If we don't know where our certificates are, it's impossible to automate. The first step is to have discovery tools that allow us to build a complete inventory".

This inventory makes it possible to understand what certificates exist, where they are installed, when they expire, and what level of criticality they have within the operation.

Only from there is it possible to move forward: "Once we have that visibility, we start to automate based on each certificate and its context".
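As an added illustration (not code from CertiSur, DigiCert or AppViewX), the sketch below audits a constructed inventory against the validity caps cited in the article and estimates the yearly renewal workload under each cap. The March 15 start dates for 2027 and 2029, the renew-at-two-thirds policy, and all hostnames and record fields are assumptions.

```python
from datetime import date, timedelta

# Validity caps in days by issuance date (values from the article; the
# March 15 start dates for 2027 and 2029 are an assumption).
CAPS = [(date(2029, 3, 15), 47), (date(2027, 3, 15), 100),
        (date(2026, 3, 15), 200), (date.min, 397)]

# Constructed sample inventory; hosts, dates and criticality are illustrative.
INVENTORY = [
    {"host": "pay.example.com", "criticality": 1,
     "not_before": date(2026, 4, 1), "not_after": date(2026, 10, 18)},
    {"host": "intranet.example.com", "criticality": 3,
     "not_before": date(2026, 3, 20), "not_after": date(2027, 4, 21)},
    {"host": "api.example.com", "criticality": 2,
     "not_before": date(2026, 1, 10), "not_after": date(2027, 2, 11)},
]

def max_validity(issued):
    """Cap in force on the issuance date (first matching phase, newest first)."""
    return next(days for start, days in CAPS if issued >= start)

def audit(inventory, today):
    """Annotate each record, then order it most urgent first."""
    report = []
    for cert in inventory:
        lifetime = (cert["not_after"] - cert["not_before"]).days
        # Assumed policy: renew once two thirds of the lifetime has elapsed.
        renew_on = cert["not_before"] + timedelta(days=lifetime * 2 // 3)
        report.append({**cert, "lifetime": lifetime,
                       "over_cap": lifetime > max_validity(cert["not_before"]),
                       "days_left": (cert["not_after"] - today).days,
                       "renew_due": today >= renew_on})
    return sorted(report, key=lambda r: (r["days_left"], r["criticality"]))

def renewals_per_year(fleet_size, cap_days):
    """Yearly renewal operations for a fleet renewed at two thirds of the cap."""
    return fleet_size * 365 // (cap_days * 2 // 3)

if __name__ == "__main__":
    for row in audit(INVENTORY, today=date(2026, 9, 1)):
        print(row["host"], row["lifetime"], row["days_left"],
              "OVER CAP" if row["over_cap"] else "ok",
              "renew now" if row["renew_due"] else "")
    for cap in (397, 200, 100, 47):
        print(cap, "day cap:", renewals_per_year(500, cap), "renewals/year for 500 certs")
```

In a real deployment the inventory records would come from a discovery scan rather than a hand-written list.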

Cryptographic agility: the new standard

Beyond automation, the talk introduced a key concept: crypto-agility.

In an environment where cryptographic standards can change rapidly, organizations need real-time adaptive capacity. "Before we had time to wait for the renewal and make changes there. Now we don't: if there's an update to algorithms or protocols, we have to apply it across the entire certificate fleet simultaneously".

This point is especially critical in the face of future scenarios, where systems will need to be secure for both current technologies and new computational paradigms.

Automate, but with strategy

Far from proposing immediate total automation, CertiSur proposed a progressive approach. "Not everything can be automated at the same time. You have to establish priorities: there are simpler environments and others that are more complex".

This means that companies will need to evaluate their infrastructure, identify critical assets, and advance in a phased manner.

CertiSur. Platforms such as DigiCert and AppViewX make it possible to manage, automate and centralize the lifecycle of digital certificates.

How to manage this new scenario

From the technical side, Francisco Javier García Apa, Infrastructure Analyst at CertiSur, showed how this change is already being addressed by concrete platforms in the market, starting with DigiCert. "Modern management is based on five pillars: discovery, certificate and user management, automation, notifications and integrations".

In DigiCert's case, the process begins with automated certificate discovery within the infrastructure, based on scans of networks, ports, and services.

"We can obtain the certificate with all its details: the key size, the signature algorithm, the issuing entity and its security level".

From that visibility, the platform allows you to define policies and fully automate the lifecycle: "Once we have identified the certificate, we can schedule when we want the automation to run and the renewal is performed without manual intervention".

Furthermore, they highlighted the role of agents installed in the infrastructure: "The agent performs local discovery, scans ports and detects what certificates are associated with each IP, which allows automating the entire issuance and installation process".

Digital security is consolidating as a central axis in the operation and continuity of technology services.

Next, García Apa presented the approach of AppViewX, a platform that stands out for its ability to operate in an agnostic manner with respect to certificate authorities. "AppViewX is agnostic: it can work with DigiCert, GlobalSign, Sectigo or any other certificate authority".

In this case, the focus is on comprehensive visibility of the certificate portfolio and its status: "It allows you to see the entire lifecycle of certificates, when they were issued, when they expire and the security level they have within the environment".

It also incorporates advanced automation capabilities: "It has a very powerful workflow that allows you to configure each step of the process precisely, from issuance to certificate deployment".

This type of tool allows organizations not only to automate renewals, but also to manage their entire cryptographic ecosystem in a centralized way.

What is interesting about this change is that it is not a decision that companies can discuss or postpone. The countdown has already started. What today seems like an exaggerated requirement—renewing certificates every few weeks—will be the norm in just a few years.

And that is where everything is defined: not in the certificate itself, but in how each organization manages what is invisible. Because when a certificate fails, there is no elegant warning or room for reaction: simply, the service stops working.

ItSitio