A major change is coming to SSL/TLS certificate validity that will significantly impact how organisations manage their certificates. If you’re wondering what is it and how this may impact your business, this blog will be of an immense help!

Certificate Life Cycle Management

In April 2024, Apple proposed (CA/Browser ) Forum  a plan to shorten the maximum lifespan of publicly trusted SSL/TLS certificates from 398 days to 47 days by March 2029. This is a phased reduction which has been approved, and it is planned to begin by early March 2026.

This new schedule means that the renewal of certificates will become far more frequent from about once a year today to up to eight times a year by 2029. This change tends to create an operational challenge for IT and cyber security teams.

Why this SSL - TLS Certificate Change Matters - Servaplex

Why this SSL / TLS Certificate Change Matters?

Certificates are an unarguably a strong foundation for a secure communication on the internet. This change of shortening certificate lifespans:

  • Reduces risk exposure
  • Enforces frequent renewals
  • Establishes a strong step towards crypto agility

It is crucial that the industry adopts an automated approach in streamlining this because traditional manual tracking and renewal methods will not be able to keep a pace with the need of growing frequency of renewals.

Why Automation is Needed for Certificate Life Cycle Management

Organisations that lack automated workflows tend to a potential risk of:

  • Service and operational challenges due to expired certificates
  • Security gaps from missed renewals
  • Administrative overload and compliance risks

Smart automation ensures that certificates are discovered, tracked, renewed, and deployed without any human error.

SSL / TLS Certificate Validity Timeline

You may think now, what is the new timeline for the revised certificate validity and their renewals. The below table answers this by showing an expected timeline and the minimum number of renewals required to be done in year.

Expected Timeline Minimum number of renewals/ year
Until March 2026 ~ Once
From Mar. 15, 2026 ~ Twice
Mar. 15, 2027 ~ Four times
Mar. 15, 2029 ~ Eight times

How to Prepare for New Certificate Lifecycle Change?

Organisations must plan strategically and implement automation strategies to manage this change effectively.

  • Establish clear PKI policies
  • Maintain a central repository of certificates across the infrastructure
  • Deploy certificate life cycle management solutions
  • Create real-time alerts for certificates expiration

Key Manager Plus from ManageEngine - Servaplex

Key Manager Plus from ManageEngine

Adopting a certificate lifecycle management solution such as Key Manager Plus will help organisations to stay proactive and a step ahead.

Key Manager Plus from ManageEngine is a comprehensive SSL/TLS certificate management solution that’s trusted by thousands of enterprises to automate essential certificate management and SSH key management tasks.

Certificate Life Cycle Management Advice

To learn more about Certificate Life Cycle Management reach out to us at Servaplex by giving us a call now on +353-1-2304242 or contact us online, and a member of our team will be in touch.