Published on 24 Apr 2025.
April 14, 2025 can safely be called a turning point in digital security. That is when the CA/B Forum decided that the validity of SSL/TLS certificates, currently 398 valid, will be reduced in steps to 47 days from March 15, 2029.
Why shorten the validity of SSL certificates?
By significantly shortening the validity of certificates, one has to validate SSL certificates more frequently, which will also significantly reduce the risk of compromised certificates.
This will not necessarily drive up the price of individual certificates, but it does introduce (much) more manual work. Automation will thus become a necessity.
Kinamo offers certificates from GlobalSign and Sectigo, among others. Both vendors have solutions to use the ACME (Automatic Certificate Management Environment) protocol. You can expect more details on this from us later!
What type of SSL/TLS certificates does this apply to?
The rules around renewals will apply to all public SSL/TLS certificates, both the cheaper domain validation certificates (DV) as well as more expensive organization validation (OV) and extended validation (EV) certificates that contain company data in the certificate.
Note: code signing, S/MIME and other types of digital certificates are not subject to this!
OV and EV certificates contain "Subject Identity Validation Data" which can currently be kept "valid" with the certificate authorities for 825 days without going through the full validation procedure. This will shorten to 398 days starting March 15, 2026.
Domain validation records can now be used for up to 398 days. These periods will shorten to 200 days from March 15, 2026, 100 days from March 15, 2027 and 10 days (!) from March 15, 2029.
So what should you start doing if you need an SSL certificate on a regular basis?
Full commitment to automation and Certificate Lifecycle Management is therefore a must.
Kinamo can also guide you in this, both with setting up and implementing solutions based on ACME and certificate management via enterprise tools.
Questions about SSL certificates and digital security? Contact us without obligation!
