90-Day SSL Certificates Are Coming
It's Time to Automate!
Organizations that are still taking a manual approach to digital certificate management have heightened risk of outages, breaches, and increased costs.
With the upcoming changes to SSL/TLS certificate validity periods, automate certificate lifecycle management and experience full peace of mind with Sectigo Certificate Manager.
Want to see ACME Certificate Automation in action? Schedule a demo today!
Unlock the power of CLM with Sectigo Certificate Manager
Sectigo offers an automated Certificate Lifecycle Management (CLM) platform that creates a reliable, consistent, touchless process for the entire lifecycle of digital certificates. From discovering and provisioning to revoking and replacing or renewing, and all the subtasks in between, our CA agnostic platform allows organizations to manage all of these tasks in one place.
The trend of shrinking certificate lifespans is one Sectigo predicted as far back as 2019. In recent years the maximum term for a public TLS (also called SSL) certificate has dropped from three years to two to one, and on March 3, Google announced in its “Moving Forward, Together” roadmap the intention to reduce the maximum validity for public SSL/TLS certificates from 398 days to 90 days, in a future policy update or a CA/B Forum Ballot Proposal.
This step toward even shorter certificate lifespans represents a significant change in how companies will approach digital trust. The traditional approach of undertaking the lifecycle management of digital certificates with spreadsheets and siloed point-solutions is no longer sustainable. Most enterprises have a large number of digital certificates, which will make manual management of the 90-day certificates a tedious task.
This isn’t about one certificate that must be dealt with four times per year, it’s about dozens, hundreds, or thousands of digital certificates.
To reduce the risk of expirations and outages and take advantage of the benefits of short life certificates, automation is crucial.
“Reducing certificate lifetime encourages automation and the adoption of practices that will drive the ecosystem away from baroque, time-consuming, and error-prone issuance processes.”
– Google, “Moving Forward, Together” roadmap
The Automatic Certificate Management Environment (ACME) is the preferred automation protocol for public certificate issuance and management. Google highlights ACME as core to the automation of digital certificate lifecycles and lays out the benefits of automation in the context of shorter certificate lifespans. These include increased resilience and agility, which can help organizations more easily transition to quantum-resistant algorithms. However, the benefits of automation don’t stop there.
Reduce the risk of human error. Manual processes are prone to mistakes, such as misconfiguration or missing a renewal deadline, which can result in cybersecurity vulnerabilities, outages and breaches. Automation can help ensure that all digital certificates across a network are deployed correctly, and critical tasks such as key rotation and certificate revocation are performed promptly and without error.
Spend less by automating certificate management. It could easily take over an hour for an administrator to manually renew a single digital certificate. This is incredibly costly at scale and error-prone. Automation removes the need for this time-intensive manual approach and allows administrators to focus on more important tasks.
Comply with industry regulations and standards. Automated certificate management processes can provide organizations with better visibility into their certificate inventory, making it easier to track and manage certificates across the organization.
Easily manage growing numbers of digital certificates and scale them across increasingly complex enterprise network environments.
Build a powerful CLM platform with Sectigo
Sectigo Certificate Manager integrates with leading technology providers to give customers deployment flexibility and customizations to work within their unique environments.
Frequently Asked Questions
Without automation, IT departments are going to have a much heavier workload. Currently certificates are valid for 398 days. When lifespans drop to 90 days IT will have to renew certificates at least 5 to 6 times a year, as they will need to rotate and overlap certificates. However, automation can support IT teams with manual work overload.
If automation isn’t an option, certificates will have to be manually managed. However, manually managing digital certificates will take time, expose you to errors, and can result in expired certificates.
Yes, we do anticipate that lifespans will be further lowered after this reduction, and with automation becoming more widely used. Although the specifics are unknown at this time, we are certain that it will occur.
Google’s “Moving Forward, Together” plan. The roadmap specifically outlines Google’s desire to promote automation and cites ACME as being essential to the automation of digital certificate lifecycles. Sectigo Certificate Manager integrates with the ACME protocol, as well as other popular automation protocols.
Learn more about 90-day certificates
Whitepaper from Sectigo
Digital Certificate lifespans are shortening. For CISOs this represents a major change in the way they will establish digital trust in the future.
Webinar from Sectigo
Join our webinar to hear about the implications of Google's plans to reduce TLS certificate validity from 398 to a maximum of only 90 days.
Blog Post from Sectigo
On March 3, Google announced in its “Moving Forward, Together” roadmap the intention to reduce the maximum possible validity for public TLS certificates from 398 days to 90 days, in a future policy update or a CA/B Forum Ballot Proposal. This drop to only 90 days maximum validity will mean major changes for the industry.
Get in touch to book a demo of Sectigo Certificate Manager today!
