The CA/Browser Forum (a group comprising certificate authorities and browser vendors) has approved a major update to the security rules for TLS certificates. This decision aims to gradually reduce the maximum validity period of security certificates in order to strengthen the overall security of the Internet and encourage the automation of their management.
In practice:
- Until March 15, 2026, SSL certificates could be issued with a maximum validity period of 398 days (approximately 13 months).
- Starting March 15, 2026, this maximum period will be reduced to 200 days (approximately 6 months and 20 days).
- Starting in March 2027, this duration will be 100 days, and then in 2029: 47 days...
The goal of these duration reductions is to limit the impact of compromised keys over time and to reduce windows of exposure to attacks.
As a high-value-added hosting provider, we must adapt our processes: operations that we previously performed annually will now need to be scheduled twice a year.
Although this change increases the frequency of our technical actions, it contributes to:
- Improved security for your services
- A more modern and resilient infrastructure.
Translated with DeepL.com (free version)