In a landmark move that signals a major transformation in digital certificate management, the CA/Browser Forum has approved Ballot SC-081v3, which will reduce the maximum validity of SSL/TLS certificates to just 47 days by March 2029. This phased reduction—backed by leading tech companies and browser vendors—aims to elevate cybersecurity standards, encourage automation, and bolster readiness for the quantum era.

A Phased Shift Toward Shorter Certificate Lifespans

The newly approved policy outlines a structured timeline to gradually shorten certificate validity from the current 398 days down to just 47 days. Key milestones in this transition include:

• March 15, 2026: Certificate validity reduced to 200 days
• March 15, 2027: Further reduction to 100 days
• March 15, 2029: Final reduction to 47 days

This change also shortens the reuse period for validation data, requiring more frequent domain and organization validation. For example, domain control validation (DCV) reuse will shrink from 398 days today to just 10 days by 2029.

Why the Change?

The decision is grounded in three major objectives:

1. Enhanced Security: Frequent certificate renewals narrow the window of exposure for private keys, reducing the risk of compromise or exploitation in cyberattacks.
2. Encouraging Automation: Shorter certificate lifespans accelerate the need for automation, making traditional manual renewal processes inefficient and error-prone. Automation is expected to become the industry standard for certificate management.
3. Quantum-Readiness: As quantum computing capabilities grow, so does the urgency for cryptographic agility. Shorter certificate cycles will make it easier for organizations to adopt post-quantum cryptographic algorithms and comply with emerging security protocols.

What This Means for Your Organization

This evolution in certificate policy will significantly impact how organizations manage their public key infrastructure. Under the new rules, SSL/TLS certificates may need to be renewed up to eight times a year—a frequency that renders manual workflows nearly impossible to maintain.

Businesses are strongly encouraged to adopt automated certificate lifecycle management solutions to ensure compliance, reduce operational risk, and maintain secure digital operations.

Multi-year certificate plans will still be available, offering consistent coverage while requiring organizations to reissue certificates in alignment with the updated validity terms—at no additional cost.

Time to Prepare

With the first wave of changes taking effect in March 2026, now is the time to assess your organization’s certificate strategy. Automation, agility, and proactive risk management will be essential as digital trust becomes even more central to enterprise operations.

At Quantum PKI, we’re committed to helping businesses navigate this transition smoothly. We offer expert guidance, automation tools, and forward-thinking solutions to help future-proof your certificate infrastructure—ensuring you’re not just keeping up with compliance but leading in digital security.

For more insights and to start preparing for the shift to 47-day certificate lifecycles, contact the Quantum PKI team today.