In March of 2023, Google announced plans in their Moving Forward, Together statement, to reduce the maximum validity period for public TLS certificates to 90 days (down from 398 days). In this statement, Google explains that reducing certificate lifespans to 90 days “will allow for faster adoption of emerging security capabilities and best practices, and promote the agility required to transition the ecosystem to quantum-resistant algorithms quickly.”
In addition to decreasing the maximum validity period for TLS, Google also intends to shorten the domain validation reuse period to 90 days, down from 398 days. Requiring more frequent domain validation is intended to protect domain owners and minimize the risk of Certificate Authorities (CAs) inadvertently using outdated or inaccurate information, which could lead to certificate mis-issuance and potential abuse.
Reducing certificate lifespans aims to drive automation, streamline issuance processes, and mitigate potential security risks associated with longer certificate validity periods. Adopting shorter certificate validity periods will ultimately help:
Google’s proposal ultimately sparked the CA/Browser Forum’s Ballot SC‑081v3, approved in April 2025. But instead of 90 days,the ballot mandates a phased reduction in public TLS certificate validity to 47 days by March 2029, with the first 200‑day limit already in effect as of March 15, 2026.
The industry has been pushing for shorter TLS certificate validity periods for over a decade, with TLS certificate validity continuing to be reduced. As part of a collective effort to fortify security and encourage streamlined certificate management practices, the CA/B Forum has reduced certificate validity, through updated baseline requirements, approximately every 3 years.

Reducing TLS Certificate validity down to 47 days has both positive and negative implications for organizations of all sizes.
While transitioning to 90-day TLS certificates presents challenges, the advantages far outweigh the drawbacks, particularly in the context of today’s dynamic threat landscape. Fortunately, comprehensive, automated Certificate Lifecycle Management (CLM) solutions are readily available to help organizations overcome 90-Day TLS validity hurdles, achieve crypto-agility and reinforce security.
Now that the mandate is in effect, it’s more crucial than ever for organizations to start preparing for the transition to 47-day TLS certificate validity. Google publicly announced their proposal in 2023 to give organizations ample warning and to encourage organizations to take action. Proactive planning, including implementing effective certificate lifecycle management (CLM) strategies and crypto-agility will help ensure a smooth transition to reduced certificate lifespans.