SSL/TLS Certificate Lifespans to Shrink to 47 Days by 2029
InfoQ, Saturday, May 17th, 2025
In a move to enhance internet security, the CA/Browser Forum (CA/B Forum) has approved a proposal to reduce the maximum validity period of SSL/TLS certificates from the current 398 days to just 47 days by March 15, 2029.
This decision, initially proposed by Apple and endorsed by major industry players including Google, Mozilla, and Sectigo, aims to mitigate risks associated with long-lived certificates and encourage automation in certificate management.
According to their proposal, the transition to shorter SSL/TLS certificate lifespans will take place gradually over several years. Starting on March 15, 2026, the maximum validity period for certificates will be reduced to 200 days. This will be followed by another reduction on March 15, 2027, bringing the limit down to 100 days. Finally, on March 15, 2029, the maximum lifespan will be shortened to just 47 days, marking a significant shift in how certificate management is handled across the industry.