Certificate management

Automate now. Avoid outages later.

Keep renewals and deployments on track before lifecycles compress to 47 days.

Watch the video

Talk to an expert

Prepare now prevent outages later
Video

Expert Q&A

Hear directly from CA/B Forum leaders on what's changing—and what to do next.

Watch the Q&A

Lifecycle certificate

Rules & Timeline

See the confirmed schedule for 200-day, 100-day, and 47-day lifecycles.

Read the update

Certificate automation

Automation wins

See how automation keeps renewals and deployments on track as lifecycles shrink.

Explore automation

Shorter lifecycles raise the stakes

As TLS/SSL certificate lifetimes shrink to weeks, manual renewals become a reliability risk.

Renewals become continuous

What used to be occasional work becomes a nonstop cycle of renewal, validation, and deployment across teams and systems.

Renewals become continuous

TLS touches everything

Web servers, APIs, apps, and internal services all depend on certificates, so one missed renewal can ripple across critical systems.

Tls touches everything

Automation is the only path

Standardize renewals and deployments now, as 47-day certificates and 10-day validation windows leave no room for manual recovery.

Get ahead of the curve

Automation is the only path

Built for the 47-day era

Certificate outage

Prevent outages

Keep certificates renewed and deployed before they expire.

Lifecycle renew recycle modernize

Reduce manual work

Eliminate tickets, scripts, and last-minute renewals.

Document secure policy

Standardize renewals

Apply consistent policies across teams, systems, and environments.

Visibility

Stay audit-ready

Maintain clear visibility and reporting for compliance reviews.

style
highlight

Stay on top of shrinking lifecycles

As lifecycles compress, automation keeps certificates deployed, current, and compliant.

2026

200-day certificates

Increase renewal cadence and reduce handoffs across teams.

2027

100-day certificates

Shift to near-monthly renewals for public TLS at scale.

2029

47-day certificates

Operate continuous renewal and deployment to stay online.

Proven at scale

99.99%

Uptime SLA

25+

Annual audits

28B

Web connections secured daily

90%

Fortune 500

style
highlight

Scale for the 47-day era

Choose the path that reduces renewal volume, protects uptime, and fits the certificate environment you run today.

Automate public TLS

Automate renewal, validation, and deployment so shorter lifecycles and 10-day reuse windows do not turn routine management into outage risk.

Explore automation

Automate public tls

Right-size your certificate strategy

Move internal-only services to Private PKI to reduce public renewal volume, ease operational pressure, and keep policies under your control.

Explore Private PKI

Right size your certificate strategy

Use the right PKI for the job

For non-browser use cases, consider X9 PKI to avoid browser-driven rules and use a trust model designed for that ecosystem.

Explore X9 PKI

Use the right pki for the job

Stay informed. Stay compliant.

FAQ

FAQs: 47-day TLS Certificates

Get the FAQ

TEI Study

The Total Economic Impact of DigiCert ONE

Get the TEI study

Blog

TLS Certificate Lifetimes will Officially Reduce to 47 Days

Read the article

Webinar

Chaos to Control: Automating PKI for Modern Workflows

Watch the webinar

White paper

Upgrading WebPKI for 10X Scale

Get the white paper

Data sheet

Simplify Private Trust

Get the data sheet

You asked. We answered.

What's changing, what to do now, and how to reduce renewal risk as lifecycles shrink.

What changes are coming for TLS/SSL certificate lifetimes?
Publicly trusted TLS/SSL certificates will move to shorter maximum lifetimes on a phased schedule, ending with 47-day lifecycles.
What do we need to do, and how urgent is it?
Start now by inventorying certificates, confirming where they're deployed, and automating renewal and deployment so shorter lifecycles don't create outages.
What is a private PKI, and when would we use it?
Private PKI issues certificates for internal systems and non-public services, giving you more control over policy, lifetimes, and operations.
Why use a full Certificate Lifecycle Management system instead of building automation ourselves?
A CLM platform helps you automate end-to-end workflows (discovery, renewal, deployment, monitoring, and policy) across diverse environments, not just one integration.
What is X9 PKI, and why would it matter?
X9 PKI is designed for certain non-browser use cases so teams can use a public PKI built for that ecosystem rather than browser-driven rules.

Ready to make renewals automatic?

Explore automation Talk to an expert

Storylane screenshot