SECURITY NOW EPISODE No 1022
Refer “Security Now” Ep 1022 issued on 23/4/25.
About 1 Hr 32 Mins to 1Hr 51 Min
SUMMARY OF THE CHANGES
The maximum lifetime period for SSL/TLS certificates is currently 398 days. However, the people who control the issue as well as major browsers, are gradually reducing this to 47 days by March 2029. All major browsers (from Apple, Google, Mozilla, and Microsoft) are going to enforce the new rules, and the reason is to increase security by reducing the risk of compromised certificates.
A summary of the changes:
- Current: Certificates can be valid for up to 398 days.
- March 15, 2026: The maximum lifespan will be reduced to 200 days.
- March 15, 2027: The maximum lifespan will be reduced to 100 days.
- March 15, 2029: The maximum lifespan will be reduced to 47 days.
It just so happens that I got an email from my web hosting company that I did not fully understand – but now all is clear.
Steve Gibson, the host of the podcast “Security Now,” is not happy and I am also not happy. I hope that web hosting companies will provide some sort of automation to make the process easier.