For many organisations, TLS certificates have long been treated as background infrastructure, important but rarely urgent. That mindset is becoming increasingly risky. As certificate lifecycles shorten and digital environments grow more complex, organisations that fail to modernise their approach to certificate management are setting themselves up for avoidable outages, security gaps, and operational disruption.
According to the Certificate Authority/Browser Forum, major updates to the rules and policies governing SSL/TLS certificates will soon be introduced. The upcoming changes will impact how organisations manage certificate lifecycles, maintain security compliance, and ensure a seamless and trusted online experience. Over the years, SSL/TLS Certificates have formed the backbone of HTTPS, acting as a badge or an icon that confirms data security, and browsing safety across web platforms, applications and webpages.
Starting March 15, 2026, the maximum allowed validity period for new public TLS certificates will drop step by step, ultimately reaching just 47 days by 2029. This phased reduction transforms certificate management from an annual task into a near-continuous process.
Getting ahead of these changes does not require a sweeping transformation overnight; it requires deliberate, practical action starting now.
Practical Steps to Get Ahead
Conduct A Full Audit
Create a complete inventory of all TLS certificates—public, internal, PKI, wildcard, SAN, legacy systems, APIs, load balancers, containers, and third‑party integrations. This uncovers shadow IT, undocumented certificates, and manual processes that could cause outages.
Implement Automation Immediately
Replace manual management with ACME‑based automation for issuance, renewal, revocation, and deployment. Automation reduces errors, lowers overhead, and supports short‑lived certificates used in cloud, microservices, CI/CD, and IoT environments.
Update Monitoring and Alerting
Strengthen visibility with alerts for expirations, failed renewals, deployment issues, and configuration changes. Integrate certificate health checks into existing observability tools and ensure clear ownership for responding to alerts.
Test In Staging Before Rollout
Validate automation in a non‑production environment to confirm integrations, permissions, renewal timing, and deployment workflows. Gradual rollout reduces risk and exposes issues before they affect production.
Train Your Team
Ensure DevOps, security, and IT teams understand certificate lifecycles, automation tools, and troubleshooting. Shared knowledge embeds certificate management into daily operations and reduces friction.
Review Vendors and Partners
Confirm how cloud providers, CDNs, MSPs, and SaaS vendors handle certificate automation and shorter lifecycles. Clarify responsibilities, visibility, and incident communication to avoid external blind spots.
Certificate management may not be the most visible part of a security strategy, but it is increasingly one of the most consequential. Organisations that act early, by gaining visibility, embracing automation, and aligning people and partners, will not only avoid disruption but position themselves for a more resilient, scalable digital future.
You can download a comprehensive update document detailing the timeline, key implications, and the required preparation steps here.
