The CA/Browser Forum has made a significant decision to shorten the lifespan of TLS certificates. On April 11, 2025, the forum officially voted to amend the TLS Baseline Requirements, setting a maximum validity of just 47 days for these certificates by March 15, 2029. This shift is expected to greatly impact how IT enterprises prioritize their operational strategies and security measures, pushing automation in certificate lifecycle management to the forefront. The reduction in certificate lifespan poses a challenge to organizations heavily reliant on manual processes, highlighting the importance of automated systems in avoiding potential certificate-related outages.
The article cites serious incidents caused by mismanaged certificates, such as the Microsoft Teams outage in February 2020 due to an expired authentication certificate and similar mishaps faced by SpaceX’s Starlink and Alaska Airlines. These incidents show the risks organizations face when manual certificate processes falter and the need for robust certificate lifecycle automation. Tools like HashiCorp Vault can mitigate such risks by offering automated, centralized certificate management and renewal processes, ensuring secure and efficient certificate handling.
By leveraging HashiCorp Vault’s capabilities, such as its comprehensive auth model and automated certificate management, enterprises can seamlessly adjust to the forthcoming certificate changes. With Vault, organizations have a robust toolkit to ensure less manual intervention, mitigate risks of potential outages, and maintain uninterrupted service availability. Enterprises looking to navigate this transformative period can consider adopting Vault as a strategic move toward safeguarding against certificate-related disruptions.
News: 47-day certificates lifespan mandate: How we can help
Documentation: Microsoft TLS Certificate Lifetimes