惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

月光博客
月光博客
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
人人都是产品经理
人人都是产品经理
IT之家
IT之家
Cyberwarzone
Cyberwarzone
T
Troy Hunt's Blog
有赞技术团队
有赞技术团队
阮一峰的网络日志
阮一峰的网络日志
T
Threat Research - Cisco Blogs
S
SegmentFault 最新的问题
Apple Machine Learning Research
Apple Machine Learning Research
G
GRAHAM CLULEY
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
博客园 - 叶小钗
Last Week in AI
Last Week in AI
C
CERT Recently Published Vulnerability Notes
The Hacker News
The Hacker News
Jina AI
Jina AI
T
Tor Project blog
V
Vulnerabilities – Threatpost
酷 壳 – CoolShell
酷 壳 – CoolShell
Spread Privacy
Spread Privacy
博客园_首页
C
Cybersecurity and Infrastructure Security Agency CISA
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Simon Willison's Weblog
Simon Willison's Weblog
Security Latest
Security Latest
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
博客园 - 司徒正美
V2EX - 技术
V2EX - 技术
I
Intezer
The Cloudflare Blog
Cisco Talos Blog
Cisco Talos Blog
SecWiki News
SecWiki News
博客园 - 【当耐特】
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
L
Lohrmann on Cybersecurity
Scott Helme
Scott Helme
Google Online Security Blog
Google Online Security Blog
量子位
The Last Watchdog
The Last Watchdog
AI
AI
Application and Cybersecurity Blog
Application and Cybersecurity Blog
S
Security Affairs
P
Palo Alto Networks Blog
S
Secure Thoughts
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Attack and Defense Labs
Attack and Defense Labs

Search Security Resources and Information from TechTarget

How to operationalize threat modeling with AI | TechTarget CISO First fully agentic ransomware attack sparks readiness concerns | TechTarget Evaluating secure enterprise browsers vs. security plugins | TechTarget The AI vulnerability storm is here: Is your security program ready? | TechTarget Perimeter to posture: A roadmap to zero trust maturity | TechTarget The agentic AI 8 key aspects of a mobile device security audit program | TechTarget Why mobile security audits are important in the enterprise | TechTarget Beyond the perimeter: The shift to data-centric protection | TechTarget How agentic AI threat intelligence aids NGO cyber defense: Case study | TechTarget How to conduct a mobile app security audit | TechTarget NO FAKES Act advances: What CISOs need to know | TechTarget What CISOs should know about AI runtime security | TechTarget As Q-Day looms, 90% of systems are unprepared for PQC | TechTarget A CISO Most security pros say their culture is Zscaler lays out its vision to secure the AI era at Zenith Live | TechTarget The OpenClaw security risks every CISO needs to know | TechTarget Cloud security metrics and KPIs: A CISO Florida public sector training on SimSpace cyber range: Case study | TechTarget Reporters' Notebook — Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security It's time to update incident response for the AI era How to build AI security guardrails without blocking innovation The prosecution gap: Why cybercrimes go unpunished AI in cyberdefense: Learning from threat actors' playbooks Top identity and access management risks CISO role changes as cyber-risk appetites in the C-suite grow CISO's guide to data minimization Researchers build autonomous AI worm that can reason and adapt How to secure data at rest, in use and in motion How to find cyber-risk data sources for a FAIR analysis Lost in translation: Cybersecurity board reporting for CISOs How to prepare security controls for future AI regulations EO 14390 raises stakes for enterprise cybersecurity First month of Mythos Preview testing exposes 10K flaws OT attacks shift from recon to physical control, raising stakes For CISOs, dawn of OpenAI Daybreak brings good and bad news Gartner Security & Risk Management Summit 2026: Adapting for AI | TechTarget Inside business email compromise attacks: Real-world examples Verizon 2026 DBIR: 6 key takeaways for CISOs Identity security for AI agents: The proliferation challenge How to build a business impact analysis checklist Taking care of business: The CISO's role in a cyber crisis What CISOs need to know about AI audit logs SOC vs. MDR: What CISOs need to consider Instructure cyberattack reignites ransom payment debate Transform SIEM rules with behavior-based threat detection CISO's guide: How to test an incident response plan How to implement zero trust for AI Data after the breach: Economics of the dark web The breakup: Why CISOs are decoupling data from their SIEMs | TechTarget News brief: Security worries and warnings as AI use expands How to construct an effective security controls evaluation 5 leading enterprise password managers to consider Claude Mythos changes the AI security threat matrix Buyer 6 things to check in your cyber insurance policy fine print How cyber insurance helped with breach recovery -- or not News brief: Critical infrastructure, OT cybersecurity attacks Tape's strategic role in modern data protection Top zero-trust use cases in the enterprise What every CISO should consider before a SIEM migration CISO's guide to centralized vs. federated security models Shadow code: The hidden threat for enterprise IT How to fix cybersecurity's agentic AI identity crisis 5 top SIEM use cases in the enterprise Top 8 e-signature software providers for 2026 How do digital signatures work? News brief: AI woes continue for security leaders Deepfake era demands proof-based security, not just awareness Is SOAR dead or alive? Sort of The push for digital sovereignty: What CISOs need to know Beyond awareness: Human risk management metrics for CISOs Cybersecurity in the age of AI means bigger, faster threats At RSAC 2026, AI optimism and anxiety -- and an MIA U.S. government Inside the SOC that secured RSAC 2026 Conference How to roll out an enterprise passkey deployment How to improve the SOC analyst experience -- and why it matters How contact centers detect and prevent fraud News brief: Iranian cyberattacks target U.S. water, energy CISO checklist: Cybersecurity platform or marketing ploy? RSAC 2026 Conference: Key news and industry analysis | TechTarget Next-generation firewall buyer's guide for CISOs Contact center monitoring best practices for CX leaders RSAC 2026: Cyber insurance and the rise of ransomware Agentic AI's role in amplifying and creating insider risks RSAC 2026 recap: AI security and network security trends Identity security at RSAC 2026: The new enterprise dynamics Meaningful metrics demonstrate the value of cyber-resiliency What to know about red team testing and the law News brief: Iran cyberattacks escalate, U.S. targets named 5 top SOC-as-a-service providers and how to evaluate them Cloud security architecture: Enterprise cloud blueprint for CISOs Contact center compliance checklist for modern workforces How AI caught a malicious North Korean insider at Exabeam Watch your words: Tim Brown's advice for CISOs News brief: U.S. absence at RSAC sparks leadership concerns Network security management challenges and best practices 10 enterprise secure remote access best practices
TLS certificate lifetime changes: What CISOs must do now | TechTarget
Samira Sarraf · 2026-07-02 · via Search Security Resources and Information from TechTarget

TLS certificates now expire after 200 days. That window will soon narrow to 100 days and eventually to 47. Is your organization ready?

Organizations that rely on manual TLS certificate lifecycle management are racing against the clock. The 200-day certificate timeline, which took effect in March 2026, means the first wave of certificate renewals will arrive within a matter of months.

"People will feel the realities when they start to renew those first sets of certificates," said Sarah Almond, an analyst at Gartner. Nick France, CTO at Sectigo, a certificate authority (CA) and certificate lifecycle management (CLM) provider, agreed, calling September and October a "wake-up call" for organizations that aren't ready.

The March 2026 change is just the first in a series of updates to certificate lifetimes. The phased approach set by the CA/Browser Forum, a consortium of CAs and browser vendors that sets standards for digital certificates, will further reduce the period to 100 days in March 2027 and ultimately to 47 days in March 2029.

The changing lifetimes are being done in the name of security, and experts and CAs warn that the transition requires immediate action to prevent costly outages or breaches that erode customer trust and disrupt operations.

About TLS certificates and expiration

TLS certificates -- digital credentials that verify the identity of a website, server or application -- enable encrypted, authenticated connections that protect data from interception. These certificates carry expiration dates to limit the impact of compromised, stolen or improperly issued certificates, enforce cryptographic upgrades and ensure compliance with policies and regulations.

If a TLS certificate expires, it is no longer trusted to establish TLS connections. Websites using the expired certificate are flagged as insecure by browsers, resulting in businesses losing credibility, trust and revenue. According to CyberArk's 2025 "State of Machine Identity Security" report, 72% of organizations experienced at least one certificate-related outage in the previous year -- before the shortened TLS certificate timeline took effect.

"Every service owner knows that rotation of a certificate must happen before expiration. Otherwise, end users will see scary or confusing error messages and lose trust in the service," said Ken Beer, director of cryptography at AWS.

Why the change?

Improved security is the driver of quicker expiration timelines. The CA/Browser Forum listed six benefits of reducing TLS certificate validity periods:

  1. Certificates represent a snapshot in time. A TLS certificate reflects accurate ownership and validation information when it is issued. In time, that information could become outdated, making shorter certificate lifetimes more reliable.
  2. Outdated certificates create security risks. Changes such as domain expiration, ownership transfers or compromised keys can leave a certificate valid even though the information it contains is no longer accurate, enabling misuse.
  3. Shorter lifetimes reduce the impact of improperly issued certificates. If a CA improperly validates information or issues a certificate incorrectly, shorter validity periods limit how long the bad certificate remains trusted.
  4. Shorter lifetimes drive automation adoption. More frequent renewals push organizations to adopt automated certificate issuance and renewal processes, improving the resilience and reliability of CLM systems.
  5. Certificate expiration provides protection when revocation mechanisms fall short. Revocation technologies, such as certificate revocation lists and OCSP, are not always timely or effective at scale. Shorter certificate lifetimes reduce reliance on those technologies.
  6. Shorter lifetimes improve cryptographic agility. If a cryptographic algorithm becomes vulnerable or obsolete, shorter-lived certificates enable organizations and the internet ecosystem to transition more quickly to stronger cryptography.

Another benefit of shortening the certificate lifecycle is post-quantum cryptography (PQC) readiness. The March 2029 date is close to many predictions of when the industry expects quantum computers to go live -- and when they could break current cryptography algorithms. Shorter certificate lifetimes will make it easier for organizations to transition to quantum-resistant algorithms when current cryptographic standards become vulnerable.

Three critical steps for CISOs

If they haven't already, CISOs and their teams must start focusing on three key areas to prepare for the TLS certificate changes: inventorying, automating CLM and achieving crypto-agility.

Inventory certificates

To secure anything, CISOs must know what they have and where they are -- yet in the case of cryptography, only 32% of organizations have inventoried their assets, according to a Ponemon Institute study.

To begin, CISOs should document all their organization's cryptographic assets. Creating a TLS certificate inventory helps reduce certificate-related outages and identify security risks, such as expired certificates, weak encryption, unmanaged certificates and shadow IT.

To create an inventory, identify certificates across all environments -- servers, devices, the cloud, and Kubernetes and containers -- and correlate them with their business service and owner. Use CLM platforms or cloud-native tools to simplify the process. Establish automated monitoring of factors such as expiration alerts, certificate changes and unauthorized certificates. Review, update and audit the inventory regularly.

Automate certificate lifecycle management

With an inventory in place, CISOs need to plan how to issue, deploy, revoke and renew certificates. While certificate requests and renewals are often automated, legacy systems, change management requirements and operational controls can introduce manual steps that prevent the process from being fully automated.

Brian Trzupek, senior vice president of product at DigiCert, a CA and CLM vendor, said that while many CAs automate certificate installation, the process is still a multistep one. "You start to diminish that because of network deployment aspects," he said. "Then there's the configuration testing of that deployed asset. In some cases, you can readily configuration test that, and others it's more complex, and CAs don't do that. There are layers of automation."

In terms of renewal, organizations definitely need to automate, Almond advised. "Most organizations that I speak to won't be able to cope with a manual process when the renewal period is 47 days," she said. "Some say manual processes will be too disruptive even before we get to 47 days, so at the 100-day point or before."

Greg Wetmore, vice president of product development at Entrust, a CLM vendor, attributed this to the scale of certificates in use today.

"Ten years ago, organizations would have only had a few certificates, and now we're into the thousands, tens of thousands, hundreds of thousands of cryptographic objects," he said.

Build crypto-agility

Moving from manual to automated TLS certification aligns with the broader need for crypto-agility -- the ability to efficiently and quickly switch among cryptographic algorithms, keys and protocols without disrupting operations or sacrificing security -- in the modern digital landscape.

"It's not just changing or shortening certificate lifetimes; there are a lot of other changes happening in our industry -- public certificates, PKI and public CAs -- and a lot of them are customer-impacting," France said. "Everybody needs to start preparing for post-quantum encryption, post-quantum certificates and variants of that."

Almond agreed. "This whole challenge is really one of crypto-agility," she said.

And yet, the Ponemon study found that, despite strong government guidance, only 38% of organizations are actively preparing for the post-quantum era.

Two key steps of achieving crypto-agility are inventorying cryptographic assets and automating processes. Organizations must also control their cryptographic assets with policy, Wetmore said. Other key steps include deploying a key management system, using PKI, and regularly testing and validating systems to ensure they are ready for the challenges posed by quantum computing and other future cybersecurity threats.

What's next? Preparing for inevitable change

The September and October renewal wave will separate the prepared from the unprepared. Organizations that have inventoried cryptographic assets, automated CLM processes and begun preparing for crypto-agility should be able to navigate the change successfully, while the organizations that haven't will face resource-intensive manual reviews, increased risk of outages and other business implications.

As Beer warned, organizations that fail to invest in automation will "waste time and resources managing their PKI, increasing their exposure to certificate-related outages and reducing their ability to use those resources to innovate in other areas of their business."

And the fact of the matter is that more changes to TLS certification lifetimes are coming, and the PQC era will be here before many realize it. The time to prepare is now.

Samira Sarraf is an award-winning international business and technology journalist and editor with 15 years of experience. She has published news and features on CSO Online, CIO.com, Computerworld, ARNnet, TechPartner News and more.

Dig Deeper on Network security