If you\u2019re \u201cin the know\u201d in the world of SSL certificates, you may have heard some big news affecting the way SSL certificates are issued and renewed. If you haven\u2019t heard, these changes have major implications for security and your technical management. Here\u2019s the long story short. <\/p>\n\n\n\n
Starting February 24, 2026, TLS\/SSL certificates will have a maximum validity of 199 days instead of 397 days<\/strong> (about six months, versus one year). This is an industry-wide change issued by new CA\/Browser Forum Baseline Requirements which shorten certificate lifetimes. (Head\u2019s up, TSL\/SSL certification lifetimes will continue to get incrementally shorter, more on that below.)<\/p>\n\n\n\n We\u2019re guessing you have a few questions about these significant changes and how they may impact you, so we\u2019ll do our best to explain. <\/p>\n\n\n\n The CA\/Browser Forum<\/a> (Certificate Authority\/Browser Forum) is an influential association of leading Certificate Authorities (CAs), internet browser vendors like Google, Microsoft, Apple, Mozilla, and other stakeholders. <\/p>\n\n\n\n Since 2005, the CA\/Browser Forum has set industry-wide standards, guidelines and mandates (known as “Baseline Requirements”) for the issuance and management of digital certificates (SSL\/TLS and code signing) to enhance internet security. They define and maintain security standards for public CAs ensuring trust from browsers, apps, etc. Standards set by the Forum are generally adopted and implemented industry-wide.<\/p>\n\n\n\n The Forum approved Ballot SC-081v3<\/a> to reduce public SSL\/TLS certificate maximum validity to 47 days by March 15, 2029. The reduction actually started several years ago, around 2012, but has been implemented in multiple phases with the intention to improve security and accelerate adoption of automation.<\/a> This change necessitates that organizations move away from manual certificate management to automated Certificate Lifecycle Management (CLM). The Forum asserts that shorter lifespans help reduce the window of vulnerability for compromised keys and enhance cryptographic agility, and also prepare for \u201cpost-quantum cryptography\u201d (PQC)<\/a>. <\/p>\n\n\n\n (Why 47 days? It\u2019s a \u201csimple\u201d cascade. Here\u2019s a fun explanation<\/a> for the math folks.) <\/p>\n\n\n\n Your current or existing<\/em> certificates<\/a> with TierraNet are not affected by the change to 199-day validity.\u00a0Certificates issued before February 24 will remain valid until their original expiration date. If an existing certificate is reissued on or after February 24, it will be limited to 199 days, even if the original certificate was valid for longer. Change is coming for all SSL certificates purchased on or after February 24, 2026. But wait, there\u2019s good news ahead\u2026<\/em><\/strong><\/p>\n\n\n\n TierraNet recognizes the importance of annual validation timeframes, so we will continue to provide single-year SSL subscription service. <\/strong><\/p>\n\n\n\n To comply with these industry changes, for domains hosted by TierraNet, we will internally reissue your selected SSL certificate every 199 days. However, you will not need to renew at 199 days<\/em><\/strong>. You may need to re-verify domain ownership for DV SSL certificates or organization details for OV\/EV SSL reissues, as requested by the SSL signing authority near the end of 199 days.<\/p>\n\n\n\n Whenever your SSL certification expires at the end of 199 days, TierraNet will automatically place your new, valid certificate on your TierraNet hosted site, and you can continue to renew your certification on an annual basis.<\/p>\n\n\n\n Note<\/strong> that if you\u2019ve purchased an SSL certificate with TierraNet but host it elsewhere, then you will need to manually renew and implement it every 199 days.\u00a0<\/p>\n\n\n\n The timeline mandated by the Forum for SSL validity reduction and domain reuse is as follows:\u00a0<\/p>\n\n\n\nWho is the CA\/Browser Forum?<\/strong><\/h3>\n\n\n\n
Why did they make this change?<\/strong><\/h3>\n\n\n\n
How does it affect my SSL certificates?<\/strong><\/h3>\n\n\n\n
What is TierraNet doing to accommodate these changes?<\/strong><\/h3>\n\n\n\n
What are the incremental phases for shortening SSL validity?<\/strong><\/h3>\n\n\n\n