The Transition to 90-Day TLS/SSL Certificates: What You Need to Know

Why Are TLS/SSL Certificates Becoming Shorter?

TLS/SSL certificates are crucial for securing online communications, ensuring that data transferred between a server and a user is encrypted and authenticated. Historically, certificates were valid for several years. However, over time, these validity periods have been reduced, with the latest move bringing certificates down to 90 days.

This shift is primarily driven by security concerns. The longer a certificate is valid, the greater the risk of it being compromised or becoming outdated as companies change, merge, or their domains evolve. Shorter lifespans ensure that certificates are revalidated more frequently, reducing the window of opportunity for attackers​.

Google’s push for shorter certificate lifespans is also intended to promote automation, encouraging organisations to move away from manual certificate management, which is prone to human error and can lead to costly outages​.

A timeline infographic illustrating the impact of certificate outages on major companies between 2018 and 2023. The timeline highlights high-profile incidents involving companies such as O2, Spotify, Cisco, and Microsoft Teams, among others, caused by expired or invalid certificates. Each incident details the downtime experienced and its impact on customers and services, emphasizing the widespread issue of certificate-related outages across industries. The infographic underscores the importance of automated Certificate Lifecycle Management (CLM) to prevent such outages and ensure business continuity, security, and customer trust.

The Challenges of 90-Day Certificates.

While the security benefits are clear, the move to 90-day certificates presents significant operational challenges. Managing certificates on such a short cycle will require organisations to renew certificates four times a year, rather than once, significantly increasing the workload for IT teams.

1. Increased Workload.

Organisations will need to renew certificates more frequently, which could overwhelm teams relying on manual processes. Tracking expiration dates, renewing certificates, and deploying them across multiple systems and environments will become much more difficult without automation.

2. Risk of Expired Certificates.

Expired certificates can cause major disruptions. Websites can become inaccessible, displaying security warnings that drive customers away. In the UK, where online business and e-commerce are thriving, an expired certificate could result in substantial financial loss and damage to an organisation’s reputation.

3. Impact on Operations and DevOps.

DevOps teams, responsible for maintaining secure containerised environments, will need to integrate certificate management more deeply into their workflows. Failure to renew certificates in a timely manner could result in downtime, impacting critical online services and applications​.

Why Manual Management is No Longer Sustainable.

In the past, organisations often relied on manual methods such as spreadsheets to track certificate expiration dates. However, with the move to 90-day certificates, manual management is no longer feasible for most businesses, particularly those operating in complex digital environments with multiple certificates. Managing this process manually increases the risk of human error, which can lead to outages, security breaches, and compliance failures.

The Role of Automation.

Benefits of Automation:

  • Reduced Risk of Outages: Automated systems can monitor certificates in real time and issue alerts when certificates are about to expire. This proactive approach helps prevent service outages caused by expired certificates.
  • Improved Security: Automation ensures that all certificates are renewed in a timely manner, reducing the risk of security breaches and ensuring compliance with industry regulations. This is especially important in sectors such as finance and healthcare, where data protection is paramount.
  • Scalability: As businesses grow and deploy more certificates across their digital infrastructure, automation provides the scalability needed to manage large volumes of certificates efficiently. This is crucial for organisations that operate across multiple domains, cloud environments, and applications.
  • Cost Efficiency: By reducing the reliance on manual processes, automation frees up IT resources to focus on more strategic tasks, while minimising the costs associated with outages and breaches.

Preparing for the Future: Beyond 90-Day Certificates.

The transition to 90-day certificates is just one part of a broader trend towards more frequent revalidation and the use of more secure cryptographic algorithms. With the growing threat of quantum computing, which could break current encryption methods, the need for automation and advanced cryptography will become even more pressing.

Organisations that invest in automated CLM systems now will not only be prepared for the 90-day shift but also better equipped to handle future security challenges. This includes the transition to quantum-resistant encryption.

The move to 90-day TLS/SSL certificates marks a significant change in digital security. While it enhances security, it also increases the complexity of certificate management. To successfully navigate this shift, UK organisations must embrace automation. Automated CLM systems will reduce the risk of outages, improve security, and allow businesses to scale their operations efficiently.

As the industry moves towards more frequent certificate renewals and the adoption of quantum-resistant algorithms, now is the time for organisations to modernise their certificate management processes and future-proof their security infrastructure.