SSL/TLS Certificates Will Only Be Valid for 47 Days by 2029 – Is Your Business Ready?

Steve Angell
March 6, 2026

By March 15, 2029, the maximum validity period for publicly trusted SSL/TLS certificates will be reduced to just 47 days, a dramatic change from today’s 398-day limit. While this may sound like a technical detail, it represents one of the most significant operational shifts in modern internet security—and it carries real implications for uptime, cost, risk, and customer trust.

This CA/Browser Forum mandate, supported by major browsers and certificate authorities, will require organizations to rethink how certificates are tracked, renewed, and governed. For business and IT leaders alike, the message is clear: certificate management can no longer be treated as a background task.

Let’s unpack what’s changing, why it matters, and how organizations can prepare.

SSL/TLS Certificate Validity Timeline: What Changes Between Now and 2029

The reduction in certificate lifespan will happen in phases:

  • Current: 398 days
  • March 15, 2026: 200 days
  • March 15, 2027: 100 days
  • March 15, 2029: 47 days

By 2029, certificates will need to be renewed roughly every 6–7 weeks, or eight times per year instead of once annually. For organizations managing hundreds—or thousands—of certificates, this change fundamentally alters the operational burden.
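An added example (not part of the original article): a Python check that applies the phase-in schedule above to a certificate inventory, flagging any certificate whose lifetime exceeds the limit in force on its issuance date and computing a renew-by date. The host names, dates and the renew-after-two-thirds policy are assumptions made for illustration.

```python
from datetime import date, timedelta

# Phase-in schedule as stated in this article: (effective date, max validity in days).
BASELINE_MAX_DAYS = 398
SCHEDULE = [(date(2026, 3, 15), 200), (date(2027, 3, 15), 100), (date(2029, 3, 15), 47)]
RENEW_NUM, RENEW_DEN = 2, 3  # assumed policy: renew after 2/3 of the lifetime

# Constructed sample inventory (hypothetical hosts; dates chosen to exercise each phase).
INVENTORY = [
    {"name": "shop.example.test", "not_before": date(2025, 12, 1), "not_after": date(2026, 12, 20)},
    {"name": "api.example.test", "not_before": date(2026, 4, 1), "not_after": date(2027, 4, 1)},
    {"name": "idp.example.test", "not_before": date(2029, 4, 1), "not_after": date(2029, 5, 18)},
]


def max_validity_days(issued: date) -> int:
    """Maximum validity allowed for a certificate issued on the given date."""
    limit = BASELINE_MAX_DAYS
    for effective, days in SCHEDULE:  # schedule is in ascending date order
        if issued >= effective:
            limit = days
    return limit


def review(cert: dict, today: date) -> dict:
    """Check one inventory record against the schedule and plan its renewal.

    Day-granular simplification: real certificates carry full timestamps.
    """
    lifetime = (cert["not_after"] - cert["not_before"]).days
    limit = max_validity_days(cert["not_before"])
    renew_by = cert["not_before"] + timedelta(days=lifetime * RENEW_NUM // RENEW_DEN)
    return {
        "name": cert["name"],
        "lifetime_days": lifetime,
        "limit_days": limit,
        "over_limit": lifetime > limit,  # longer than the schedule allows at issuance
        "renew_by": renew_by,
        "overdue": today >= renew_by,
        "days_left": (cert["not_after"] - today).days,
    }


if __name__ == "__main__":
    for cert in INVENTORY:
        r = review(cert, today=date(2026, 6, 1))
        status = "OVER LIMIT" if r["over_limit"] else "ok"
        print(f'{r["name"]}: {r["lifetime_days"]}d (limit {r["limit_days"]}d) {status}, '
              f'renew by {r["renew_by"]}, {r["days_left"]}d left')
```

The same check can be run over a real inventory export by filling each record's `not_before` and `not_after` from the certificate's validity fields.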

Why SSL/TLS Certificate Validity Is Shrinking

The primary driver behind shorter certificate lifespans is improved security. Reducing validity periods limits the window in which a compromised certificate can be exploited and decreases reliance on imperfect revocation mechanisms such as CRLs and OCSP.

This shift also accelerates the adoption of automated certificate lifecycle management, which will be essential as renewal frequency increases. In short, automation stops certificate renewal from becoming a ticking time bomb.

The Cost of Manual SSL/TLS Certificate Renewals in a 47-Day World

Under the traditional annual renewal model, manual certificate management was inconvenient—but manageable. Industry estimates suggest it takes approximately four hours per certificate to identify, generate, install, and validate a renewal.

For an organization managing 1,000 certificates, that equates to roughly 4,000 hours per year today.

Now apply those same assumptions to a 47-day validity model:

  • 1,000 certificates × 4 hours × 8 renewals per year
  • 32,000 hours annually — an eight-fold increase in effort

Labor Cost Impact

At an estimated $120,000 per year per IT engineer, manual renewals alone could require the equivalent of 24 full-time employees, or approximately $2.88 million annually, just to keep certificates from expiring.

And that doesn’t include:

  • Time spent scripting and testing workarounds
  • Overtime or contractor costs
  • Downtime remediation when a certificate expires unexpectedly

While automation significantly reduces these costs, relying on spreadsheets, ticket reminders, or calendar alerts quickly becomes unsustainable at 47-day renewal intervals—and dramatically increases outage risk.

Business Risks of Expired SSL/TLS Certificates

A single expired certificate may seem like a minor technical issue. In reality, the business impact can be severe.

Customer-Facing Outages

When certificates expire, browsers display warnings or block access entirely. For e-commerce, financial services, healthcare, or SaaS platforms, this often results in:

  • Lost transactions and revenue
  • Customer frustration and churn
  • Brand and reputation damage

In large enterprises, even minutes of downtime tied to certificate failures can cost thousands of dollars per minute in lost revenue and SLA penalties.

Operational and Integration Failures

Certificates secure far more than public websites. They authenticate:

  • APIs and microservices
  • Internal applications
  • Federated identity systems
  • Network and security appliances

When certificates expire, applications fail to authenticate, automated processes stop, and supply-chain integrations break—often triggering urgent, high-visibility incident response efforts.

Compliance and Audit Exposure

Expired certificates can also violate security and compliance frameworks such as PCI DSS, ISO 27001, and SOC 2, leading to audit findings, remediation costs, and potential penalties.

Why Certificate Lifecycle Automation Is No Longer Optional

The shift to 47-day certificate validity is not just a technical update—it is a forcing function to modernize security and operational practices.

Organizations that embrace automation now will be better positioned to:

  • Maintain uptime and customer trust
  • Reduce operational risk and labor costs
  • Reallocate skilled resources to higher-value initiatives
  • Stay compliant as security standards evolve

Waiting until 2029 to prepare is like waiting until the storm starts before buying an umbrella.

Is Your Organization Ready for 47-Day SSL/TLS Certificates?

As certificate lifespans shrink, business and technology leaders should ask a few critical questions:

  • Do you have a complete and accurate inventory of all SSL/TLS certificates across your environment?
  • Have you—or your customers—ever experienced a service disruption caused by an expired certificate?
  • What was the business impact in terms of revenue, customer trust, or reputation?
  • How long would it take your organization to detect and recover from a certificate-related outage today?
  • Are certificate renewals tracked manually, semi-automated, or fully automated?
  • Do you rely on spreadsheets, reminders, or tribal knowledge to manage certificate lifecycles?

If any of these questions raise concern, you’re not alone—and waiting until 2029 will only increase risk.

Turning a Mandate into a Strategic Advantage

While the move to 47-day SSL/TLS certificates may appear challenging, it also presents a strategic opportunity to strengthen security, eliminate unnecessary manual effort, and protect business-critical systems.

At Collective Insights, our Identity & Access Management practice helps organizations prepare for this shift by modernizing certificate lifecycle management, improving visibility, and aligning security operations with business risk and compliance goals.

If you’re unsure where certificates live, how they’re managed, or whether your organization is prepared for shorter validity periods, now is the time to act.

👉 To learn more about how Collective Insights can help you modernize certificate and identity management, contact us to start the conversation.