CyberSecurityBoard
Sponsor Register Login

SSL/TLS certificate lifespans reduced to 47 days by 2029

The CA/Browser Forum is a group of certificate authorities (CAs) and software vendors, including browser developers, working together to establish and maintain security standards for digital certificates used in Internet communications. Currently, the lifespan and the Domain Control Validation (DCV) of those certificates is 398 days, but the majority of certificate authorities agreed that this is too long in today's security landscape. The CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029. SSL/TLS certificates are digital files that enable secure communication over the internet (HTTPS) by encrypting data and authenticating websites. This gradual shortening of certificate lifespans gives impacted entities enough time to implement and transition to automated certificate renewal systems, such as those offered by cloud providers, Let's Encrypt, or certificate providers that support the ACME protocol. This proposal would gradually reduce the lifespan of certificates over the next four years from its current 398-day lifespan to 47 days in March 2029. These certificates are also used to authenticate the website and guarantee data integrity, meaning the information exchanged between the user and the server hasn't been tampered with. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. Earlier this year, Apple proposed a motion to reduce certificate lifespans, which Sectigo, the Google Chrome team, and Mozilla endorsed. The goal is to minimize risks from outdated certificate data, deprecated cryptographic algorithms, and prolonged exposure to compromised credentials. It also encourages companies and developers to utilize automation to renew and rotate TLS certificates, making it less likely that sites will be running on expired certificates. When those certificates expire without renewal, users see a warning on their browser informing them that their connection isn't private or secure. However, it is expected to force more frequent revalidation of companies requesting certificates, encourage automation, and ultimately make the ecosystem more agile and secure.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 14 Apr 2025 17:50:25 +0000


Cyber News related to SSL/TLS certificate lifespans reduced to 47 days by 2029

SSL/TLS certificate lifespans reduced to 47 days by 2029 - The CA/Browser Forum is a group of certificate authorities (CAs) and software vendors, including browser developers, working together to establish and maintain security standards for digital certificates used in Internet communications. Currently, ...
1 day ago Bleepingcomputer.com
Adding OpenSSL Generated Certificates to Your Server: A Comprehensive Guide - Utilizing SSL/TLS certificates to encrypt data transferred between your server and clients is one of the fundamental components of server security. The process of adding OpenSSL-generated certificates to your server will be covered in detail in this ...
1 year ago Feeds.dzone.com
SSL/TLS Certificates Validity To Be Reduced From 398 Days to 47 Days - Preparing for Quantum Computing: With quantum computing posing future threats to cryptographic security, shorter certificate lifespans promote crypto agility, enabling quicker adoption of stronger algorithms and compliance with evolving standards. ...
1 day ago Cybersecuritynews.com
The role of certificate lifecycle automation in enterprise environments - Learn about PKI automation and its role in managing the growing complexity of digital identities and certificates. Digital certificates form a strong foundation for our modern digital landscape and at the root of these certificates: PKI. Public key ...
1 year ago Securityboulevard.com
Why is my SSL expiring every 3 months? - Digital certificates, used with the protocol 'TLS' establish secure connections between your web server and the browsers visitors use to view your site. If a user gets a message saying their site's certificate has expired, they may feel it's not ...
1 year ago Securityboulevard.com
Why are IT professionals not automating? - These concerns are no different when it comes to certificate automation. Digital certificates are the fundamental building blocks of cybersecurity infrastructure. The number of certificates we use and the way we use them has grown exponentially. Over ...
1 year ago Helpnetsecurity.com
Customer compliance and security during the post-quantum cryptographic migration | AWS Security Blog - For example, using the s2n-tls client built with AWS-LC (which supports the quantum-resistant KEMs), you could try connecting to a Secrets Manager endpoint by using a post-quantum TLS policy (for example, PQ-TLS-1-2-2023-12-15) and observe the PQ ...
6 months ago Aws.amazon.com
CVE-2022-49094 - In the Linux kernel, the following vulnerability has been resolved: ...
1 month ago
New NCCoE Guide Helps Major Industries Observe Incoming Data While Using Latest Internet Security Protocol - PRESS RELEASE. Companies in major industries such as finance and health care must follow best practices for monitoring incoming data for cyberattacks. The latest internet security protocol, known as TLS 1.3, provides state-of-the-art protection, but ...
1 year ago Darkreading.com
CVE-2019-12677 - A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition that prevents the creation of new ...
1 year ago
ACM will no longer cross sign certificates with Starfield Class 2 starting August 2024 - AWS Certificate Manager is a managed service that you can use to provision, manage, and deploy public and private TLS certificates for use with Elastic Load Balancing, Amazon CloudFront, Amazon API Gateway, and other integrated AWS services. Starting ...
9 months ago Aws.amazon.com
JetBrains fingers Rapid7 for customer ransomware attacks The Register - Last week, we wrote about how security outfit Rapid7 threw JetBrains, the company behind the popular CI/CD platform TeamCity, under the bus over allegations of silent patching. The software developer published its side of the story at the time, but ...
1 year ago Go.theregister.com
AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
6 months ago Feeds.dzone.com
CVE-2024-28836 - An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When negotiating the TLS version on the server side, it can fall back to the TLS 1.2 implementation of the protocol if it is disabled. If the TLS 1.2 implementation was disabled at build time, a ...
1 year ago Tenable.com
Google Online Security Blog: Sustaining Digital Certificate Security - The Chrome Security Team prioritizes the security and privacy of Chrome's users, and we are unwilling to compromise on these values. The Chrome Root Program Policy states that CA certificates included in the Chrome Root Store must provide value to ...
9 months ago Security.googleblog.com
The First 10 Days of a vCISO’S Journey with a New Client - Cyber Defense Magazine - During this period, the vCISO conducts a comprehensive assessment to identify vulnerabilities, engages with key stakeholders to align security efforts with business objectives, and develops a strategic roadmap to prioritize actions and resources. If ...
6 months ago Cyberdefensemagazine.com
VMware fixes three zero-day bugs exploited at Pwn2Own 2024 - VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. The most severe flaw patched today is CVE-2024-22267, a ...
11 months ago Bleepingcomputer.com CVE-2024-22267 CVE-2024-22269 CVE-2024-22270
CVE-2025-25305 - Home Assistant Core is an open source home automation that puts local control and privacy first. Affected versions are subject to a potential man-in-the-middle attacks due to missing SSL certificate verification in the project codebase and used ...
1 month ago Tenable.com
CVE-2020-3196 - A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust ...
1 year ago
The Challenges and Solutions of Transport Layer Security - Transport Layer Security (TLS) is the modern version of the now-outdated Secure Socket Layer (SSL) protocol. It is located between the application protocol layer and the TCP/IP layer, where it can secure and send application data to the transport ...
2 years ago Trendmicro.com
CVE-2022-0778 - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed ...
2 years ago
The Last Mile of Encrypting the Web: 2023 Year in Review - At the start of 2023, we sunsetted the HTTPS Everywhere web extension. It encrypted browser communications with websites and made sure users benefited from the protection of HTTPS wherever possible. HTTPS Everywhere ended because all major browsers ...
1 year ago Eff.org
Proactive Threat Detection: Introducing Threat Hunting Essentials - Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. Session HTTP cfuvid [x5] discord.comHubspotVimeozoominfo.com This cookie is a part of the services provided by ...
11 months ago Offsec.com
Apple fixes two new iOS zero-days in emergency updates - Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. "Apple is aware of a report that this issue may ...
1 year ago Bleepingcomputer.com CVE-2023-42916 CVE-2023-42917
Ivanti warns of Connect Secure zero-days exploited in attacks - Ivanti has disclosed two Connect Secure and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways. The first security flaw is an authentication bypass in the gateways' web ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)