Summary: The CA/Browser Forum has voted unanimously to shorten the lifespan of SSL/TLS certificates from 398 days to 47 days over the next four years, with the final change set for March 2029. This decision aims to enhance security by encouraging more frequent renewal and automated management of certificates. The initiative is supported by major industry players, including Apple, Google, and Mozilla, to mitigate risks associated with outdated certificates and compromised credentials.
Affected: CA/Browser Forum, certificate authorities, website owners, and internet users
Keypoints :
- Certificate lifespan will reduce from 398 days to 200 days by March 2026.
- Further reduction to 100 days will occur by March 2027.
- Final reduction to 47 days planned for March 2029.
- Encourages automation for certificate renewal to reduce risks of using expired certificates.
- Aims to improve security against outdated data and vulnerabilities.
- Gradual changes allow organizations time to adjust to new management practices.