Skip To Main Content
Trustzone Logo
Hometo-icon
Insightsto-icon
Knowledge Baseto-icon
FAQto-icon
FAQ: Changes to SSL/TLS validity

Certificates

    Solutions

      Join our Newsletter

      Contact Us

      FAQ: Changes to SSL/TLS validity

      What is changing? Following new requirements set by the CA/Browser Forum, the maximum validity period for all SSL/TLS certificates is being reduced to 200 days for certificates issued from March 15th, 2026.

      Why this change? The PKI industry is moving toward shorter certificate lifecycles to strengthen the security ecosystem. Frequent rotations:

      • Limit the window of opportunity for attackers to use compromised certificates.
      • Ensure that domain control is verified more regularly.
      • Allow for faster adoption of new security standards.

      How TRUSTZONE will handle it: You will still be purchasing 1-year SSL/TLS as before, however as a 1-year term that will be delivered via two consecutive certificates:

      1. First certificate: You will receive a certificate valid for 199 days.
      2. Second certificate: This second certificate provides the remaining validity (another 199 days) at no additional cost. A “Paid renewal” counter on the initial certificate will ensure you maintain complete overview.

      Basic UC SSL difference (Sectigo-based certificates): Instead of two 199-day certificates, here, a total 365-day period will be covered regardless and the duration of the second certificate will depend on the timing of the renewal.

      When is this happening? 

      March 12, 2026: Basic UC SSL (certificates issued by Sectigo) will be subject to the 199-day limit.

      March 14, 2026. All certificates issued on or after this date will be subject to the 199-day limit.

      Future reductions: The 200-day limit is the first step in a broader industry plan where maximum validity is scheduled to be reduced to 100 days (March 2027) and 47 days (March 2029).

      For future max validity reductions to 100 days and 47 days – any remaining paid renewals, will simply be doubled leading to equivalent total coverage.

      Impact on existing certificates 

      Certificates issued prior to the March 14th, 2026 deadline are not affected and will continue to function for their full original term. The new limit only applies to certificates issued after the policy takes effect.

      If a certificate originally issued before March 14, 2026, is re-issued and more than 199 days remain, the new certificate will be adjusted to comply with the 199-day maximum. Any remaining validity will automatically be re-added through later re-issuance.

      Impact on current multi-year deals

      For any multi-year SSL/TLS deals any remaining paid renewals will simply be doubled as the validity period is halved.

      Preparing for Shorter Certificate Lifecycles with automation

      With the gradual reduction of certificate validity periods, renewal frequency will increase significantly. For organizations managing multiple domains or environments, this means more frequent renewals to track, validate, and deploy – increasing the likelihood of oversight and service disruption when handled manually.

      To stay ahead of this shift, you may want to consider automating your certificate management. Our ACME Pro solution automates the entire certificate lifecycle, from issuance to renewal and deployment. This removes manual workload, reduces operational risk, and helps ensure continuous compliance as industry requirements evolve.

      Learn more about ACME Pro HERE

      If you have any questions to the changes, don’t hesitate to reach out on support@trustzone.com and we will do our best to answer them.