VIEWPOINT

Preparing for TLS certificate changes

The shortening lifespan of TLS certificates is introducing new risks for organisations of all sizes, making it crucial for them to automate renewal processes

The lifespan of Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates is shrinking rapidly. On 15 March 2026, the validity of the certificates – which verify that a website is legitimate – reduced from 398 days to 200 and will further decrease to 100 in 2027 and 47 in 2029.

Driven by the Certification Authority Browser Forum, the changes are designed to improve security by enabling faster key rotation, quicker revocation and tighter control over certificate infrastructures.

To avoid the multiple business risks associated with mismanaging certificates, organisations must rethink how they operate. Manual certificate management processes and annual purchasing models are no longer viable. Instead, organisations must create an inventory of all their certificates, then automate renewal and management.

Organisations with limited public key infrastructure expertise and resources risk falling behind. However, this isn’t an option; expired certificates can lead to service outages, which damage a company’s reputation.

The Automated Certificate Management Environment (ACME) protocol offers a simple, low-cost way to automate certificate management without investing in a full certificate lifecycle management (CLM) platform. As an open standard, ACME enables automatic certificate renewal through agents running on servers, and it can also handle large-scale revocations. GlobalSign supports ACME across its certificate portfolio, including both organisationally and domain-validated certificates, at no additional cost.

If they operate in larger and more complex environments, organisations may require a comprehensive CLM solution. GlobalSign offers platforms such as Atlas and Lifecycle X by GMO, and also supports integration with third-party CLM tools via open APIs. Larger enterprises may also build custom integrations tailored to their infrastructure.

Companies should also consider models such as GlobalSign’s SAN licensing option. Unlike traditional per-certificate pricing, this model only charges for active unique subject alternative names (SANs), rather than each certificate that is issued. This approach is especially valuable as certificate validity periods shorten, removing the need for organisations to spend valuable time and resources on predicting how many certificates they will need.

Whichever of these approaches they choose, organisations must act now to transition to an automated, cost-efficient TLS certificate management strategy to ensure they remain compliant and minimise risk in the years ahead.

Aditya Anand is the head of GlobalSign’s business unit for TLS and CLM products