The trend of shrinking certificate lifespans is one Sectigo predicted as far back as 2019. In recent years the maximum term for a public TLS (also called SSL) certificate has dropped from three years to two to one, and on March 3, Google announced in its “Moving Forward, Together” roadmap the intention to reduce the maximum validity for public SSL/TLS certificates from 398 days to 90 days, in a future policy update or a CA/B Forum Ballot Proposal. Though the specific timing of when this 90-day maximum will go into effect is unknown, it’s likely to happen by the end of 2024.
Why You Should Act Now
This step toward even shorter certificate lifespans represents a significant change in how companies will approach digital trust. The traditional approach of undertaking the lifecycle management of digital certificates with spreadsheets and siloed point-solutions is no longer sustainable. Most enterprises have a large number of digital certificates, which will make manual management of the 90-day certificates a tedious task.