Skip To Main Content
Trustzone Logo
Hometo-icon
Insightsto-icon
Knowledge Baseto-icon
FAQto-icon
200-Day SSL/TLS validity limit

Certificates

    Solutions

      Join our Newsletter

      Contact Us

      200-Day SSL/TLS validity limit

      Following new requirements set by the CA/Browser Forum, the maximum validity period for all SSL/TLS certificates is being reduced to 200 days. This change goes into effect on March 15, 2026.

      Why this change? The PKI industry is moving toward shorter certificate lifecycles to strengthen the security ecosystem. Frequent rotations:

      • Limit the window of opportunity for attackers to use compromised certificates.
      • Ensure that domain control is verified more regularly.
      • Allow for faster adoption of new security standards.

      The 200-day limit is the first step in a broader industry plan where maximum validity is scheduled to be reduced to 100 days (March 2027) and 47 days (March 2029).

      How TRUSTZONE will handle it: You will still be purchasing 1-year SSL/TLS as before, however as a 1-year term that will be delivered via two consecutive certificates:

      1. First certificate: You will receive a certificate valid for 199 days.
      2. Second certificate: This second certificate provides the remaining validity (another 199 days) at no additional cost. A “Paid renewal” counter on the initial certificate will ensure you maintain complete overview.

      Note: For future max validity reductions – to 100 days and 47 days – any remaining paid renewals, will simply be doubled leading to equivalent total coverage.

      Basic UC SSL difference (Sectigo-based certificates)

      Basic UC SSL in particular has a minor difference. Instead of two 199-day certificates, here, a 365 day period will be covered regardless and the duration of the second certificate will depend on the timing of the renewal.

      When is this happening? 

      March 12, 2026: Basic UC SSL (issued by Sectigo),

      March 15, 2026. All certificates issued after this date will be subject to the 199-day limit.

      Impact on existing certificates 

      Certificates issued prior to the March 15 deadline are not affected and will continue to function for their full original term. The new limit only applies to certificates issued after the policy takes effect.

      Impact on current multi-year deals

      For any multi-year SSL/TLS deals any remaining paid renewals will be doubled as the validity period is halved.

      Preparing for Shorter Certificate Lifecycles

      With the gradual reduction of certificate validity periods, renewal frequency will increase significantly. For organizations managing multiple domains or environments, this means more frequent renewals to track, validate, and deploy — increasing the likelihood of oversight and service disruption when handled manually.
      To stay ahead of this shift, you may want to consider automating your certificate management. Our ACME Pro solution automates the entire certificate lifecycle, from issuance to renewal and deployment. This removes manual workload, reduces operational risk, and helps ensure continuous compliance as industry requirements evolve.

      Learn more about ACME Pro HERE

      Jon Tittmann

      Vetting/Support Team Lead & OpEx

      Jon has been an integral part of TRUSTZONE for the past six years, during which he has acquired substantial expertise in the cyber security field. As the team leader for our support team, he possesses a profound understanding of the sector, enabling him to resolve even the most complex challenges within the certificate industry effectively.

      Let’s connect