-
Platform
Back
DigiCert ONE Integrations
-
Solutions
Back
-
Buy
Back
Signing Certificates
- Company
-
Resources
Back
-
Support
Back
Resources
Contact Support- Americas
- 1.866.893.6565 (Toll-Free U.S. and Canada)
- 1.801.770.1701 (Sales)
- 1.801.701.9601 (Spanish)
- 1.800.579.2848 (Enterprise only)
- 1.801.769.0749 (Enterprise only)
- Europe, Middle East Africa
- +44.203.788.7741
- Asia Pacific, Japan
- 61.3.9674.5500
- Americas
-
Language
- Contact us
Shortened TLS/SSL Certificate Validity:
Frequently Asked Questions
In May 2025, the CA/B Forum approved a browser-sponsored ballot that will shorten public TLS/SSL certificate lifecycles to 47 days by 2029. The change applies to all CAs, including DigiCert, and is designed to strengthen TLS/SSL security by reducing the window for compromised keys and improving cryptographic agility.
The first stage of this transition begins March 15, 2026, when the CA/B Forum’s maximum permitted public TLS/SSL certificate validity drops from 398 days to 200 days.
To align with this first milestone, starting February 24, 2026, all public TLS/SSL certificates issued through DigiCert, including QWAC and QWAC PSD2 certificates, will be limited to a maximum validity period of 199 days. DigiCert sets its limits one day below the CA/Browser Forum maximums to ensure continuous compliance.
The CA/B Forum ballot also includes new guidelines for domain and organization validation reuse. See below.
What’s Changing: New Validity Limits for Certificates, Domains, and Organizations
Public TLS/SSL validity schedule
Domain validation reuse period reduction schedule
OV organization validation reuse period reduction schedule
Frequently Asked Questions
DigiCert will meet the first phase of the industry’s move toward 47-day certificates on February 24, 2026, at 18:00 UTC.
Starting at that time, all public TLS/SSL certificates issued by DigiCert will have a maximum validity of 199 days, including EU Qualified Website Authentication Certificate (QWAC) and QWAC PSD2 certificates. Be sure to complete any order requests with greater than 199-day validity well before this date.
Note: This change applies to reissued certificates as well, even if the original certificate’s validity period exceeds 199 days.
See Moving to 199-day validity for public TLS certificates to learn more.
Related OV organization validation change
February 24, 2026, at 18:00 UTC – DigiCert’s domain validation reuse period will be shortened from 825 to 397 days. OV organizations must now be revalidated every 397 days.
Note: DigiCert’s validation reuse period for existing OV organizations will also be shortened to 397 days on February 24.
Related domain validation change:
February 24, 2026, at 18:00 UTC – DigiCert’s domain validation reuse period will be shortened from 397 days to 199 days.
Note: DigiCert’s validation reuse period for existing domains will also be shortened to 199 days on February 24.
Certificate validity changes
Public EV products
Public OV products
Public DV products
EU Qualified Website Authentication Certificates (QWAC)
EU Qualified Website Authentication Certificates PSD2 (QWAC PSD2)
OV organization validation reuse changes
Public OV products
X9 certificates that leverage OV organization validation
Domain validation reuse changes
Public EV products
Public OV products
Public DV products (CIS customers only)
EU Qualified Website Authentication Certificates (QWAC)
EU Qualified Website Authentication Certificates PSD2 (QWAC PSD2)
PKIo Private Services Server
X9 for TLS
CertCentral
CertCentral Europe
Trust Lifecycle Manager
API order requests with a validity period greater than 199 days will be automatically adjusted to 199 days on February 24, 2026. This change is intended to prevent unexpected errors and ensure your requests continue to process successfully.
See CertCentral Services API requests will automatically be adjusted to 199 days to learn more about impact to API behaviors and endpoints.
No. Your existing certificates will not be impacted by the change on February 24. Certificates issued prior to February 24 will remain valid through their original expiration date.
No. Existing certificates are not affected when the associated domain or organization validation expires. You can continue to use the certificates until they expire.
No, you don’t need to reissue your existing certificates. You can continue to use them until they expire.
No. You cannot submit a duplicate request if the associated domain or organization validation has expired. Once both the organization and domain validation are up to date (revalidated), you will be able to submit the duplicate request.
Yes. You can still submit a reissue order request even if the associated domain or organization validation has expired. However, the domain or organization will need to be revalidated before the certificate can be issued.
The maximum certificate validity will be shortened to 47 days by 2029, which will make manual certificate lifecycle management (CLM) impractical. DigiCert strongly recommends you adopt automation solutions through CertCentral and our enterprise certificate management solution, Trust Lifecycle Manager. Contact your account manager if you want to learn more about automation.
See additional resources:
Still need assistance? DigiCert’s support team is happy to help.
-
The most-trusted global provider of high-assurance TLS/SSL, PKI, IoT and signing solutions.
-
-
Company
-
My Account
-
Resources
-
Sites
-
© 2025 DigiCert, Inc. All rights reserved.
Legal Repository Audits & Certifications Terms of Use Privacy Center Accessibility Cookie Settings