New TLS Certificate Mandate Will Disrupt Digital Infrastructure: What Your Organization Needs to Know Now

West Des Moines, IA | July 28, 2025 | A significant shift in internet security standards is set to impact businesses across every industry. The CA/Browser Forum, which governs global rules for digital certificate issuance, is reducing the maximum lifespan of public TLS/SSL certificates to 200 days next year, and eventually just 47 days.

This policy change will fundamentally alter how organizations manage certificates used to secure websites, APIs, mobile apps, cloud services, and internal systems. Yet many companies are still unaware of the operational, security, and compliance risks this poses.

What Is Changing?

TLS certificates verify that a digital service or website is authentic and secure. They are essential to protecting user data, preventing man-in-the-middle attacks, and enabling encrypted communications.

Currently, TLS certificates are valid for 398 days. Under the new rules:

• The maximum certificate lifespan will drop to 200 days in March 2026
• It will decrease further to 47 days by 2029
• Organizations will need to renew and manage certificates up to 12 times a year

Why It Matters

As certificate lifespans shorten, the margin for human error shrinks. Companies without visibility into their certificate environments (let alone automation) face a rising risk of:

• Application outages
• Customer-facing security warnings
• Compliance failures
• Reputational damage

Manual certificate tracking, spreadsheets, or disjointed renewal processes are no longer sustainable. Enterprises with growing hybrid environments and cloud architectures may have hundreds or even thousands of public certificates in use, many unknown or unmanaged. 

This creates an urgent need for centralized certificate lifecycle management (CLM), automation, and visibility across all digital assets.

Preparing for the 47-Day Certificate Era – Certificate Scan & Readiness Assessment

Zirous has partnered with CyberArk to help organizations prepare for the upcoming TLS certificate mandate. This engagement includes a CyberArk-powered scan of your public certificates and a 47-Day Readiness Assessment that identifies risks, renewal challenges, and automation opportunities, giving you a clear path to compliance and operational resilience.

Let’s make sure you are prepared for the CA/Browser Forum’s upcoming mandate to shorten TLS certificate lifespans before the 2026 changes take effect.

About Zirous

Zirous is a technology consulting firm headquartered in West Des Moines, Iowa, with over 35 years of experience helping organizations strengthen their security posture through governance, identity management, and cybersecurity solutions. As a trusted partner to leading providers like CyberArk, SailPoint, Oracle, AWS, and Microsoft, Zirous delivers scalable strategies that protect digital assets, streamline access controls, and ensure regulatory compliance in complex enterprise environments.