Countdown Begins for a New Era in SSL/TLS Certificates
SSL/TLS certificates, one of the cornerstones of internet security, will undergo a radical change in the coming years. With a historic decision taken by the CA/Browser Forum, certificate validity periods will be gradually reduced to 47 days. So what does this change mean and how should businesses prepare?
What is the decision? What will change?
The CA/Browser Forum, which includes industry authorities such as Google, Apple, Mozilla, Microsoft, Amazon, DigiCert, GlobalSign, Sectigo, reached a consensus on gradually reducing certificate validity periods, numbered SC-081v3 proposed by Apple in April 2025. The proposal was accepted unanimously in the vote.
Reasons for the Change
1. Minimizing Security Vulnerabilities
Long-lived certificates carry the following risks:
- Old and outdated information
- Deprecated cryptographic algorithms
- Compromised private keys remaining exposed for a long time
Shorter certificate lifecycles significantly reduce these risks.
2. Encouraging Automation
Manual certificate management will become almost impossible with short periods. This situation:
- Will direct companies to automation systems
- Will make it difficult for sites running with expired certificates
- Will make the ecosystem more secure
3. Continuous Validation (DCV)
Short periods require companies requesting certificates to be validated more frequently. This ensures that security standards are kept constantly up to date.
Gradual Reduction Schedule
According to the agreed schedule, the currently accepted maximum validity period of 398 days will be gradually shortened. The planned schedule is as follows;
| Date | Maximum Certificate Duration | DCV Reuse Period | Change |
| March 15, 2026 | 200 days | 200 days | Will Decrease by 50% |
| March 15, 2027 | 100 days | 100 days | Will Decrease by 75% |
| March 15, 2029 | 47 days | 10 days | Will Decrease by 88% |
What Will Be the Impact on Businesses?
Reducing SSL certificate periods to 47 days will require a radical transformation in the IT infrastructure of businesses. The certificate renewal process, which is currently carried out once or twice a year, will increase up to 8 times a year by 2029. This change will create a serious operational challenge, especially for large corporate structures managing multiple domains and subdomains.
While manual certificate management becomes unsustainable, companies without automation infrastructure will face the risk of experiencing unexpected outages due to certificate expiration. Executives need to address this change not just as an IT issue, but as a strategic priority in terms of business continuity and security. For those caught unprepared, the cost can mean not only technical infrastructure but also loss of customer trust and brand reputation.
Solution: Automation + Proactive Approach = SecTrail Certificate Manager
The only sustainable way to prepare for this change is to fully automate certificate lifecycle management. Businesses must first create a comprehensive certificate inventory and map all their digital assets. Then, proactive monitoring, ownership assignment, and alerting systems that track certificate expiration times should be established. However, the critical step is the creation of fully automated workflows triggered by these alarms: automatic submission of certificate signing requests (CSR), uninterrupted deployment of new certificates to services, updating SSL/TLS configurations, and performing automatic vulnerability scans after changes can be given as examples of workflow steps. Thanks to this end-to-end automation, a proactive certificate management ecosystem that does not require human intervention, works 24/7, and minimizes the risk of error is created.
SecTrail Certificate Manager is Turkey’s leading enterprise certificate lifecycle management (CLM) solution that resolves all challenges encountered in SSL/TLS certificate management on a single platform.
The platform creates a comprehensive certificate inventory by scanning all your digital assets with its automatic discovery feature. Thanks to its real-time monitoring and smart alarm system, it proactively warns you by detecting expiration dates days in advance. The most powerful feature of SecTrail CM is that it automates certificate renewal processes from start to finish with fully automated workflows: CSR creation, automatic submission to CA, uninterrupted deployment of approved certificates to services, updating SSL/TLS configurations, and automatic scans after changes are managed from a single platform. ACME protocol support and Let’s Encrypt integration, multi-CA management for single-point management from different certificate authorities, and role-based access control are its prominent features with corporate security standards. For businesses preparing for the 47-day certificate period, SecTrail Certificate Manager is the ideal solution that eliminates manual processes, guarantees business continuity, and fully automates the renewal load up to 8 times a year.
You can contact us via the contact form for detailed information and demo requests.