The CA/Browser Forum almost a year ago voted to reduce the lifespan of Transport Layer Security (TLS) certificates, a contentious decision aimed at improving security and preparing for the coming quantum computing era, but one that will create operational headaches for organizations that now need to rethink how they manage and maintain certificates.
certificates.The first step in the three-phase approach takes effect March 15, when the maximum certificate lifetime drops from 398 to 200 days. Next year, that number will fall to 100 days, and by March 15, 2029, it will drop further to 47 days.This won’t be an easy transition. The number of TLS certificates use continues to increase, keeping pace with the adoption of technology. According to a report by Venafi – now owned by CyberArk – 95% of security leaders said digital transformation efforts increased their use of certificates between 2023 and 2024 by an average of 36%, driving the number of TLS certificates used by the average enterprise to 3,730, a number that was expected to increase another 39% – to more than 5,000 – by this year.There is a range of security benefits to the shorter lifespans, including minimizing the risk that outdated certifications will be exploited. According to CyberArk, 77% of security leaders say that any undiscovered machine identity is a point of compromise. With shorter certificate lifespans comes more validation.They also improve regulatory compliance, support zero-trust architectures, and drive the adoption of automation, which will be important give that each time the lifespan shrinks, the administrative burden increases, from two times this year to eight times in 2029.
certificates.The first step in the three-phase approach takes effect March 15, when the maximum certificate lifetime drops from 398 to 200 days. Next year, that number will fall to 100 days, and by March 15, 2029, it will drop further to 47 days.This won’t be an easy transition. The number of TLS certificates use continues to increase, keeping pace with the adoption of technology. According to a report by Venafi – now owned by CyberArk – 95% of security leaders said digital transformation efforts increased their use of certificates between 2023 and 2024 by an average of 36%, driving the number of TLS certificates used by the average enterprise to 3,730, a number that was expected to increase another 39% – to more than 5,000 – by this year.There is a range of security benefits to the shorter lifespans, including minimizing the risk that outdated certifications will be exploited. According to CyberArk, 77% of security leaders say that any undiscovered machine identity is a point of compromise. With shorter certificate lifespans comes more validation.They also improve regulatory compliance, support zero-trust architectures, and drive the adoption of automation, which will be important give that each time the lifespan shrinks, the administrative burden increases, from two times this year to eight times in 2029.





