Home > Resources > Articles > Shorter Certificate Lifespans

Apple Pushes for Shorter Certificate Lifespans, Shortening to 47 Days by 2028

This article was updated on 28 Nov 2024 to reflect the latest announcement from Apple.

Apple accelerates the pace of certificate lifespan reduction

On 9th October 2024, Apple announced a significant proposal to further shorten the lifespan of SSL/TLS certificates. This move aims to enhance web security and reduce the risk of vulnerabilities.
This announcement came after Google’s 90-Day proposal and the CA/Browser Forum to incentivise automation for Public Certificate Authorities (CAs). With the emergence of quantum computing, the reduction of certificate lifespans is inevitable.

What exactly is the big change?

  • The current maximum public TLS certificate you can request is 13 months (398 days).
  • Certificate lifespans will be progressively reduced over the next few years, culminating in a maximum lifespan of 47 days by 2028.

Apple’s 47-Day Proposal

Maximum Certificate LifespanDate
200 Days15 Mar 2026
100 Days15 Mar 2027
47 Days15 Mar 2028

Keep certificates current, effortlessly.
Ask us how to manage the new 45-day change.

    You have read, understood and agree to be bound by the Netrust's Personal Data Protection Policy as may be amended from time to time and agree that we may collect, use and disclose your personal data as provided in this form for the purposes set out in the Personal Data Protection Policy. Where you are providing us with personal data of another individual, you warrant that you are authorised to consent to the Data Protection Policy and provide us with such personal data on his/her behalf.

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

    How does this affect me?

    This accelerated timeline for certificate lifespan reduction will have a direct impact on organisations:
    • Increased Management Overhead: IT teams will need to manage the renewal of certificates at a higher frequency rate thus increasing the volume of certificate renewals.
    • Potential for Disruptions: Manual processes may not be sufficient to keep up with the rapid pace of certificate expiration.
    • Increased Chance of Mistake: With the increased manual generation of certificate requests, administrators are potentially exposed to increased chances of making mistakes.

    Why the change?

    The shortening of certificate lifespans is driven by the need to mitigate security risks associated with compromised certificates. Shorter lifespans make it more difficult for attackers to exploit vulnerabilities and compromise websites.

    Stricter DCV Reuse

    In addition to the shorter lifespans, Apple is also proposing a stricter DCV reuse.

    Understanding DCV

    Document Challenge Validation (DCV) is a security measure used by CAs to verify domain ownership. It involves adding a specific HTML file to the website’s root directory. This file proves that the applicant has control over the domain.
    DCV reuse period will also be shortened, reaching a minimum of 10 days in 2028.
    DCV Reuse PeriodDate
    200 Days15 Mar 2026
    100 Days15 Mar 2027
    10 Days15 Mar 2028

    The impact of shorter DCV reuse periods

    With shorter DCV reuse periods, certificates issued using the same DCV challenge will have shorter lifespans. This means that CAs will need to perform more frequent validation checks to ensure that certificates remain valid and secure.

    The Solution: Automated Certificate Lifecycle Management

    To address these challenges, organisations should adopt automated certificate lifecycle management (CLM) solutions. CLM tools can:
    • Automate Renewals: Automatically renew certificates before they expire.
    • Monitor Expirations: Proactively track certificate expiration dates.
    • Centralise Management: Consolidate certificate management into a single platform.

    Netrust: Your Partner in Certificate Management

    Netrust offers a suite of comprehensive solutions to address the evolving landscape of certificate management.
    Don’t let shorter certificate lifespans disrupt your operations. Contact Netrust today to learn how our CLM solutions can help you maintain security and compliance.
    image

    Keep certificates current, effortlessly.
    Ask us how to manage the new 45-day change.

      You have read, understood and agree to be bound by the Netrust's Personal Data Protection Policy as may be amended from time to time and agree that we may collect, use and disclose your personal data as provided in this form for the purposes set out in the Personal Data Protection Policy. Where you are providing us with personal data of another individual, you warrant that you are authorised to consent to the Data Protection Policy and provide us with such personal data on his/her behalf.

      This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.