The CA/Browser Forum has officially voted to shorten the lifespan of SSL/TLS certificates to just 47 days by March 2029.
The decision was passed with 25 votes in favor and none against, signaling a major change in how websites manage their security certificates.
The CA/Browser Forum comprises major certificate authorities and browser vendors like Google, Apple, Mozilla, Microsoft, DigiCert, and GlobalSign. These members work together to set security standards for digital certificates used to secure websites. Earlier this year, Apple proposed the idea of reducing certificate lifespans, and Mozilla, Sectigo, and the Google Chrome team quickly supported it.
Currently, SSL/TLS certificates are valid for up to 398 days. These certificates help encrypt website data and confirm the identity of websites, making internet communication secure. However, experts believe that 398 days is too long in today’s fast-changing digital world. Long certificate lifespans can increase the risk of using outdated technology, allow compromised certificates to stay active longer, and make it harder to keep up with current security practices.
To address this, the CA/Browser Forum has created a timeline to gradually shorten certificate lifespans. Starting March 15, 2026, the maximum certificate validity will be reduced to 200 days. A year later, on March 15, 2027, it will go down to 100 days. Finally, by March 15, 2029, certificates will only be valid for 47 days, and domain validation will need to be redone every 10 days.
