Redirecting you to
Blog Post Jan 31, 2025

Key predictions for 2025 part II: Preparing for the quantum leap

As 2025 unfolds, organizations must adapt to transformative shifts in technology, security, and compliance. Key trends include the decline of legacy technology stacks in preparation for post-quantum cryptography, the reduction of TLS certificate lifespans, and stricter revocation policies. These changes demand proactive strategies, automation, and modernization to maintain security and compliance in an evolving digital landscape.

Table of Contents

The rapid pace of technological innovation is forcing organizations to rethink their approaches to security, compliance, and infrastructure. As we step into 2025, the convergence of quantum computing, evolving standards, and stricter regulations signals a period of both profound transformation and heightened urgency.

In this second installment of our predictions for the coming year, we delve into three pivotal trends that will redefine the digital landscape: the decline of legacy technology stacks, the reduction in maximum term lifespans for TLS certificates, and the tightening of rules around certificate revocation. Each of these developments underscores the need for proactive, strategic planning to stay ahead in an environment where inaction could mean obsolescence.

The decline of legacy technology stacks

In 2025, we will see the beginning of the end for legacy technology stacks, driven by the need to prepare for postquantum cryptographic (PQC) standards. Legacy systems, which often rely on cryptographic algorithms like RSA and ECC, will struggle to integrate new PQC algorithms. This will lead to obsolescence or necessitate significant overhauls of existing technology. Organizations holding on to outdated infrastructures will be forced to confront the limitations of their systems. To remain secure and compliant in the quantum era, organizations must act now to carefully plan and execute their transition. While challenging, this transition is crucial for future-proofing security posture.

Decreasing maximum term lifespans for TLS certificates

In 2025, regulatory and standards bodies, such as the CA/Browser Forum, are expected to establish a definitive plan to reduce the maximum term lifespans for TLS certificates to less than 90 days. This may include proposals like Apple's proposal, which aims to incrementally decrease the maximum term of public TLS certificates, eventually reaching 47-day terms by 2028. Although the actual implementation of shorter certificate lifespans won't occur until early 2026, the groundwork will be laid in 2025. This move aims to enhance security by ensuring more frequent certificate renewals, thereby reducing the risk of compromised certificates remaining in use for extended periods.

Stricter rules around revocation of public certificates

In 2025, we will see stricter rules around the revocation of public certificates, with harsher penalties for non-compliance. To maintain the trust and integrity of the public key infrastructure (PKI), Certificate Authorities (CAs) and their subscribers will face more stringent requirements from browser root store programs to ensure timely revocation of compromised or misissued certificates. The timeline to revoke compromised certificates ranges from 24 to 120 hours, but 2024 saw many CAs missing these deadlines, often willfully. In 2025, hard and fast rules will impose strict penalties on both CAs and subscribers who miss these deadlines, potentially including a reduction in maximum certificate term for offending domains. To meet these stricter requirements, automated certificate lifecycle management tools will become essential to reduce human error and ensure efficient revocation processes.

Another watershed year

2025 is shaping up to be a watershed year for digital security and infrastructure, one in which organizations must confront long-standing challenges while embracing emerging paradigms. From the necessity of modernizing legacy systems to meet postquantum cryptographic standards to the operational shifts required by shorter TLS certificate lifespans and stricter revocation mandates, the stakes have never been higher. Organizations that act decisively - investing in automation, overhauling outdated systems, and adapting to new standards - will not only mitigate risk but also position themselves as leaders in the quantum-ready era. As these changes take hold, the competitive advantage will belong to those who can combine foresight with execution in navigating this pivotal moment.

Want to learn more? Get in touch to book a demo of Sectigo Certificate Manager!

Related posts:

Key trends for 2025 Part I: Postquantum Cryptography

The current state of quantum cryptography & why readiness is key

Embracing quantum readiness