If you’re “in the know” in the world of SSL certificates, you may have heard some big news affecting the way SSL certificates are issued and renewed. If you haven’t heard, these changes have major implications for security and your technical management. Here’s the long story short.
Starting February 24, 2026, TLS/SSL certificates will have a maximum validity of 199 days instead of 397 days (about six months, versus one year). This is an industry-wide change issued by new CA/Browser Forum Baseline Requirements which shorten certificate lifetimes. (Head’s up, TSL/SSL certification lifetimes will continue to get incrementally shorter, more on that below.)
We’re guessing you have a few questions about these significant changes and how they may impact you, so we’ll do our best to explain.
Who is the CA/Browser Forum?
The CA/Browser Forum (Certificate Authority/Browser Forum) is an influential association of leading Certificate Authorities (CAs), internet browser vendors like Google, Microsoft, Apple, Mozilla, and other stakeholders.
Since 2005, the CA/Browser Forum has set industry-wide standards, guidelines and mandates (known as “Baseline Requirements”) for the issuance and management of digital certificates (SSL/TLS and code signing) to enhance internet security. They define and maintain security standards for public CAs ensuring trust from browsers, apps, etc. Standards set by the Forum are generally adopted and implemented industry-wide.
Why did they make this change?
The Forum approved Ballot SC-081v3 to reduce public SSL/TLS certificate maximum validity to 47 days by March 15, 2029. The reduction actually started several years ago, around 2012, but has been implemented in multiple phases with the intention to improve security and accelerate adoption of automation. This change necessitates that organizations move away from manual certificate management to automated Certificate Lifecycle Management (CLM). The Forum asserts that shorter lifespans help reduce the window of vulnerability for compromised keys and enhance cryptographic agility, and also prepare for “post-quantum cryptography” (PQC).
(Why 47 days? It’s a “simple” cascade. Here’s a fun explanation for the math folks.)
How does it affect my SSL certificates?
Your current or existing certificates with TierraNet are not affected by the change to 199-day validity. Certificates issued before February 24 will remain valid until their original expiration date. If an existing certificate is reissued on or after February 24, it will be limited to 199 days, even if the original certificate was valid for longer. Change is coming for all SSL certificates purchased on or after February 24, 2026. But wait, there’s good news ahead…
What is TierraNet doing to accommodate these changes?
TierraNet recognizes the importance of annual validation timeframes, so we will continue to provide single-year SSL subscription service.
To comply with these industry changes, for domains hosted by TierraNet, we will internally reissue your selected SSL certificate every 199 days. However, you will not need to renew at 199 days. You may need to re-verify domain ownership for DV SSL certificates or organization details for OV/EV SSL reissues, as requested by the SSL signing authority near the end of 199 days.
Whenever your SSL certification expires at the end of 199 days, TierraNet will automatically place your new, valid certificate on your TierraNet hosted site, and you can continue to renew your certification on an annual basis.
Note that if you’ve purchased an SSL certificate with TierraNet but host it elsewhere, then you will need to manually renew and implement it every 199 days.
What are the incremental phases for shortening SSL validity?
The timeline mandated by the Forum for SSL validity reduction and domain reuse is as follows:
| Date | Maximum Certificate Validity Period | Domain Reuse Period |
| March 15, 2026 | 200 days | 200 days |
| March 15, 2027 | 100 days | 100 days |
| March 15, 2029 | 47 days | 10 days |
Certificate Validity Period:
The certificate lifetime – how long the certificate itself is valid.
Domain Reuse Period: Domain validation reuse – how long the CA will rely on your proof of domain ownership before requesting you to confirm it again.
What does this mean?
Not only are the lifespan of your SSL certificates expiring faster, but you will also need to validate your domain ownership far more frequently. Manual validation won’t be realistic at this pace, so this new time frame essentially impels users reliant on SSL certificates to move into automated systems for reissuing and validating SSL certificates.
TierraNet stays agile and responsive
We know that shortened SSL validity has big implications across industries, brands and sectors. At TierraNet, we are doing everything we can to ensure a smooth transition for our customers during these transitions. We will continue to stay agile and responsive to these changes and their implications for our users and customers. If you have any questions, we’re happy to help. Reach out to our Support team at support@tierra.net or visit tierra.net/support.
