Change is coming to the foundation of digital trust — and it’s happening faster than many realize.
By 2029, every public TLS certificate will be limited to a maximum lifespan of just 47 days. The transition starts as early as March 2026 with certificates dropping to 200 days, then 100, before reaching the 47-day limit. For most organizations, that means an 8–12x increase in certificate renewals every year.
For those still managing TLS certificates manually, this change could bring operational chaos.
Change is coming to the foundation of digital trust — and it’s happening faster than many realize.
By 2029, every public TLS certificate will be limited to a maximum lifespan of just 47 days. The transition starts as early as March 2026 with certificates dropping to 200 days, then 100, before reaching the 47-day limit. For most organizations, that means an 8–12x increase in certificate renewals every year.
For those still managing TLS certificates manually, this change could bring operational chaos.
From 398 Days to 47: The Compression of Digital Trust
The push for shorter certificate lifespans is not theoretical. It’s being driven by major browser vendors and formalised through the CA/B Forum — the governing body for certificate authorities worldwide.
The rationale is sound: shorter-lived certificates improve security by reducing the window of potential compromise. But the practical impact is immense.
A business managing 3,000 certificates today could soon need to handle over 25,000 renewals annually. Without automation, that’s tens of thousands of extra manual actions — each one a potential point of failure.
Why It Matters: Risk, Resilience and Reputation
TLS certificates are the unsung heroes of secure digital communication. When they expire, applications fail, websites go dark, and transactions grind to a halt.
Under the new model, manual renewal and tracking simply won’t scale.
According to the CyberArk 47-Day Certificate Readiness Report, most organizations still rely on spreadsheets or ticket-based processes.
In a world of short-lived certificates, those methods will buckle — leading to outages, compliance failures, and reputational damage.
Key findings from the research includes:
- 83% of organizations experience at least one certificate-related outage per year.
- 77% believe outages will be inevitable under the new short-lived model.
- 75% fear increased human error as renewal volumes multiply.
A Forcing Function for Automation
This isn’t just a compliance change — it’s a catalyst for modernisation.
ProofID, together with CyberArk Certificate Manager, helps organizations prepare for the 47-day era by automating certificate discovery, renewal, and policy enforcement.
With full lifecycle visibility and automated workflows, you can:
- Identify unmanaged or risky certificates across all environments.
- Renew certificates automatically before expiry.
- Enforce consistent policies and governance.
- Maintain uptime, compliance, and audit readiness with confidence.
- Prepare for quantum computing — automation today enables faster adoption of quantum-safe cryptography tomorrow.
Automation transforms certificate management from a reactive burden into a proactive, scalable process — one that supports both security and business continuity.
Get Ahead of the Curve
The 47-day rule is coming, whether your organization is ready or not. Those who modernise early will enjoy reduced risk, stronger governance, and greater resilience as certificate volumes surge.
Be the first to hear about news, product updates, and innovation from proofid
