Shortening the certificate lifespan
The CA/Browser Forum* approved proposal SC-081v3 in April 2025. This vote introduces a phased schedule for shortening the validity period of TLS/SSL certificates and the reuse period of validation data. This change aims to enhance security and promote certificate management automation.
*The CA/Browser Forum is a voluntary association of certification authorities, browser vendors, and operating system developers that defines rules in the field of internet security related to HTTPS communication and certificate issuance.
Article Contents (updated January 26, 2026)
- Key Changes and Dates
- Why does shortening occur?
- SSL Certificate Automation
- CODE Signing certificates
Key Changes and Dates
Starting March 2026, the maximum validity period for newly issued trusted SSL certificates will be reduced from the current 398 days to 200 days. This reduction will continue gradually, reaching a maximum validity of 47 days in 2029.
- SSL certificates issued until March 15, 2026 → max. validity 398 days
- SSL certificates issued from March 15, 2026 → max. validity 200 days
- Sectigo CA will begin issuing 199-day certificates starting March 13, 2026.
- Certum CA will begin issuing 200-day certificates starting March 14, 2026. More information...
- DigiCert CA (GeoTrust, Thawte, RapidSSL) will issue certificates with 199-day validity starting February 24, 2026 (!) More information...
- SSL certificates issued from March 15, 2027 → max. validity 100 days
- SSL certificates issued from March 15, 2029 → max. validity 47 days
Important Information: SSL certificates issued before the change date remain functional and trusted for their entire original validity period!
They will not be affected by the new rules.
Multi-year SSL Certificate Orders
Customers with multi-year certificate orders whose current certificate expiration is even a month after the change date should consider whether a free certificate REISSUE before the rule changes would be beneficial. This can save one extra renewal cycle.
Please note – for the certificate to be issued in time, the validation process must always be completed!
Why is the Validity Being Shortened?
The CA/B Forum decided to shorten validity for several reasons. These include increasing security, supporting automation, faster response to changes and threats, a better revocation model, and last but not least, the advent of quantum computing and the threat of key decryption.
Shortening Validity Since 2012
Until 2012, there were no restrictions for SSL/TLS certificates. Then, the CA/B Forum was established and began publishing new rules for certificate authorities and certificates. In 2012, validity was shortened to 10 years, in 2015 to 3 years and 3 months. In 2017, it was decided that certificates would be valid for a maximum of 825 days, and in 2020, it was shortened to a maximum of 398 days.
SSL Certificate Automation
All certificate authorities offer (or are preparing) automated processes for the deployment and renewal of SSL certificates.
We will be expanding our automation offerings (ACME and other solutions) in the near future as options become available.
CODE Signing Certificates
Similar to SSL certificates, the maximum validity period for CODE Signing certificates is also being shortened. In autumn 2025, the CA/B Forum voted on new rules (CSC-31: Maximum Validity Reduction), which will come into effect on March 1, 2026. The maximum validity of CODE certificates for code signing is reduced from 39 months (three years) to 460 days (approx. 15 months).
Multi-year CODE signing certificates issued before the change date will remain valid and trusted.
- CA Certum will still offer CODE certificates for 1-2-3 years. More information...
Where next?
Back to Help
Found an error or don't understand something? Write us!
