
Shorter SSL Certificate Validity
Over the next few years, the way SSL/TLS certificates are issued and managed is going to change across the entire internet. Certificate validity periods are being shortened as part of an industry-wide move led by the CA/Browser Forum and supported by major browser vendors including Apple, Google, Mozilla, and Microsoft (DigiCert, 2025).
The first milestone begins in early 2026, and while this shift is important, it’s also very manageable. Most importantly, it’s something we’re already preparing for.
What’s Changing
Today, public SSL/TLS certificates can be issued for up to around 13 months. From March 2026, that maximum validity period will be reduced to around six months, with further reductions planned over time.
The rollout will happen in phases:
- From March 2026, certificates will be valid for up to around 200 days
- From March 2027, validity reduces to around 100 days
- By March 2029, certificates will have a maximum validity of 47 days
This applies to all publicly trusted SSL/TLS certificates, including DV, OV, and EV certificates. It is not specific to one certificate authority and cannot be avoided by switching providers (Crane, 2025).
Why This Is Happening
Shorter certificate lifespans are designed to improve overall internet security. If a certificate is ever compromised, a shorter validity period limits how long it can be misused. More frequent renewals also encourage stronger key rotation, faster adoption of new security standards, and better alignment with modern security practices like zero trust.
Another key driver is future readiness. As cryptography continues to evolve, including preparation for post-quantum standards, the ability to update certificates quickly becomes increasingly important (Hall, 2025).
What This Means for You
Any SSL/TLS certificates issued before the 2026 cut-off will remain trusted until they naturally expire. Existing certificates do not need to be replaced early, and there is no immediate action required for most organisations.
The main impact is operational. Shorter lifespans mean renewals will happen more often, and manual certificate management will become less practical over time.
Validation Will Also Become More Frequent
Alongside shorter certificate lifespans, the amount of time that domain and organisation validation data can be reused will also be reduced.
For OV and EV certificates, organisations will need to complete validation checks more regularly. This is another reason automation becomes increasingly important as the timelines shorten (Hall, 2025).
How Brandsec Is Preparing
We are actively monitoring these changes and reviewing how certificate renewals and validation are managed to ensure a smooth transition for our customers.
As the industry moves toward much shorter certificate lifecycles, we are exploring process improvements and automation options that will reduce manual effort, minimise renewal risk, and help future-proof certificate management.
Our goal is to make sure these industry changes have minimal impact on your operations while maintaining strong security outcomes.
What You Need to Do Now
At this stage, no immediate action is required.
If you are renewing certificates before March 2026, current validity periods still apply. Over time, we will continue to guide customers through the transition and share updates as the next phases approach.
If you have questions about how these changes may affect your environment, or want to understand how certificate automation fits into your longer-term security strategy, then please reach out to us for guidance.
About brandsec
brandsec is a team of highly experienced domain name management and online brand protection experts. We provide corporate domain name management and brand enforcement services, helping brands eliminate phishing platforms across the internet. Supporting some of the largest brands in the region, we offer innovative solutions to combat threats across multiple industries.


