IT Notice: SSL/TLS Certificates Shorter Lifespans

Friendly reminder that the first SSL/TLS certificate shortening cycle is approaching on March 15th, 2026 (398 Day to 200 Days). Certificates generated after March 15th, 2026, will have a maximum 200-day lifespan.

Over the past year, the information security team has supported and helped to transition many Facultys/Departments that have already migrated to certificate automation and are well prepared for the first shortening cycle.

What is happening?

As an industry wide move, the CA/Browser Forum of certificate authorities (CAs) has voted to reduce the lifespan of SSL/TLS certificates from 398 days to 47 days in 2029 to help improve security. SSL/TLS certificate lifespans will be gradually reduced beginning on March 15, 2026:

• March 15, 2026: Maximum TLS certificate lifespan shrinks to 200 days. This accommodates a six-month renewal cadence. The Domain Control Validation (DCV) reuse period reduces to 200 days.
• March 15, 2027: Maximum TLS certificate lifespan shrinks to 100 days. This accommodates a three-month renewal cadence. The DCV reuse period reduces to 100 days.
• March 15, 2029: Maximum TLS certificate lifespan shrinks to 47 days. This accommodates a one-month renewal cadence. The DCV reuse period reduces to 10 days. The two-year jump from 2027 to 2029 provides additional time for organization to move to a one-month renewal cadence.

This industry mandated move helps to increase security, prepare for quantum challenges, encourages automation and operational excellence.

What actions do I need to take?

Over the next years, SSL/TLS certificates will gradually have shorter lifespans. Starting on March 15, 2026, SSL/TLS lifespans will be reduced to 200 days until reaching a lifespan of 47 days on March 15, 2029. This provides time for organizations to transition to use certificate automation.

Facultys/Departments are encouraged to have an inventory of their SSL certificates and mapping their systems to adopt SSL Certificate Automation (ACME) or by using another automation protocol.

If you have any questions, please don’t hesitate to contact the Information Security team at c-it-security@mcmaster.ca

Reference Links:

• https://cabforum.org/2025/04/11/ballot-sc081v3-introduce-schedule-of-reducing-validity-and-data-reuse-periods/
• https://www.sectigo.com/resource-library/sectigo-cab-reduce-ssl-tls-certificates-lifespan-47-days