Why TLS Certificate Lifecycle Reduction Improves Security


The push for certificate lifecycle reduction stems from a fundamental truth: certificate lifecycle management is rarely a team member’s core job role. It is often an afterthought and an annoyance, treated as a general admin task. With these changes, that will no longer be the case.

Here’s what shorter lifecycles help prevent:

  • Expired certificates causing downtime
  • Forgotten certificates at the heart of your infrastructure, creating hidden vulnerabilities
  • Difficulty replacing compromised certificates quickly and securely

By reducing certificate validity to just 47 days, the CA/B Forum is forcing organisations to prioritise certificate management and embrace automation.

Answering common questions about certificate lifecycle reduction

“When will the changes come into effect?”

In April 2025, the CA/Browser Forum approved Ballot SC-081v3, initiating a phased reduction in TLS certificate validity periods:

  • March 15, 2026: Maximum certificate lifespan reduces to 200 days.
    • This means you will be renewing your certificates nearly twice as often. This is the point at which you should be monitoring your certificates.
  • March 15, 2027: Further reduction to 100 days.
    • This means you will be renewing your certificates more than three times as often. By this point you should be considering post-quantum readiness, and putting the structures in place for this.
  • March 15, 2029: Final reduction to 47 days.
    • You will be renewing your certificates almost eight times as often. At this point, it is vital you have full automation across your certificate estate.

*Renewal frequencies assume your average certificate lifecycle is 365 days.

“Will certificate lifecycle reduction cause more outages?”

Only if you still manage certificates manually. If you rely on spreadsheets or calendar reminders, yes—this change is a risk. But if you adopt automated certificate lifecycle management, you’ll actually reduce outages.

“Is this just for big enterprises?”

No. Every organisation using TLS (including small businesses) is affected. Shorter certificate lifespans are a universal standard, and so is the need to manage them properly.

“Is automation really necessary?”

With a 47-day lifecycle, it’s no longer optional. Certificates will need to be renewed and redeployed every few weeks. Automation is the only scalable solution.


Post-Quantum Cryptography and the role of shorter certificate lifecycles

While this policy is about lifespan, it also sets the stage for post-quantum cryptography (PQC), another major shift in digital trust.

Quantum computing threatens to break RSA and ECC, the cryptographic foundations of most certificates. By adopting shorter certificate lifespans now, you can benefit in three ways:

  • Cryptographic agility: Easier to migrate to PQC-compatible algorithms as they are standardised
  • Limited risk window: Short-lived certs reduce the damage of potential future quantum attacks
  • Infrastructure readiness: Forces updates to tooling, platforms, and practices now before PQC hits

TLS certificate lifecycle reduction is a full strategic enabler for future-proofing businesses and public sectors across the world.

FullProxy’s take: Change = Opportunity

At FullProxy, we see this change not as a burden, but as an opportunity to modernise.

“FullProxy strongly advocates for automated certificate lifecycle management. Automation enables faster rotation, broader visibility, and more agile response to emerging threats” – Read our blog on the National Cyber Security Centre’s post-quantum timeline.

  • Eliminate certificate-related outages through automation
  • Build cryptographic agility for the quantum future
  • Strengthen overall cyber security posture
  • Future-proof yourself against further certificate lifespan reductions

The shift to 47-day lifespans is a challenge, but it’s also a forcing function for better security and visibility.

How to Prepare for TLS Certificate Lifecycle Reduction

Here’s how you can get ready:

  1. Discovery and Visibility
    Gain full discovery and visibility of your certificate estate.
  2. Monitoring
    Monitor your full estate to ensure all certificates are up to date and compliant.
  3. Analysis
    Regularly analyse and report your findings throughout the monitoring process.
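
An added example (not FullProxy's or AppViewX's code) of the monitoring step, applied to the SC-081v3 schedule listed earlier: it flags certificates whose validity exceeds the cap in force on their issuance date and reports the cap the replacement will face. The inventory, hostnames, audit date and the renew-at-two-thirds policy are assumptions, and validity is counted in whole days as a simplification.

```python
from datetime import date, timedelta

# Phase-in dates and maximum validity in days, as listed in the schedule above.
SCHEDULE = [(date(2026, 3, 15), 200), (date(2027, 3, 15), 100), (date(2029, 3, 15), 47)]

def max_validity_days(issued):
    """Cap for a certificate issued on `issued`; None before the first phase."""
    cap = None
    for effective, days in SCHEDULE:
        if issued >= effective:
            cap = days
    return cap

def audit(inventory, today):
    """Return {name: (validity_days, status, cap_for_replacement)}."""
    report = {}
    for name, not_before, not_after in inventory:
        validity = (not_after - not_before).days  # simplification: whole days
        cap = max_validity_days(not_before)
        # Assumed policy: renew once two thirds of the lifetime has elapsed.
        renew_from = not_before + timedelta(days=validity * 2 // 3)
        if today > not_after:
            status = "EXPIRED"
        elif cap is not None and validity > cap:
            status = "OVER_CAP"
        elif today >= renew_from:
            status = "RENEW_NOW"
        else:
            status = "OK"
        # The replacement is issued at expiry (or today if already expired),
        # so a stricter phase of the schedule may apply to it.
        next_cap = max_validity_days(max(not_after, today))
        report[name] = (validity, status, next_cap)
    return report

# Constructed inventory: (name, notBefore, notAfter). Hostnames are placeholders.
INVENTORY = [
    ("www.example.test", date(2025, 12, 1), date(2026, 12, 1)),
    ("api.example.test", date(2026, 3, 20), date(2027, 3, 20)),
    ("vpn.example.test", date(2026, 1, 10), date(2026, 4, 20)),
    ("old.example.test", date(2025, 1, 1), date(2026, 1, 1)),
]
TODAY = date(2026, 4, 1)  # constructed audit date

if __name__ == "__main__":
    for name, row in audit(INVENTORY, TODAY).items():
        print(name, *row)
```
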

At FullProxy, we partner with AppViewX to offer certificate lifecycle management services to businesses and public sector bodies across Europe. Get in touch with us today to learn more, and book a demo with one of our technical experts.

Chris Templeton
Chief Technology Officer