It is a truth universally acknowledged that if you’ve used the internet at any point, there’s a good chance (almost a racing certainty, in fact) that you’ve encountered Google. From its humble beginnings in the 90s as a simple search engine, competing amongst the likes of Yahoo, AOL, and – who can forget – Ask Jeeves, Google has expanded its reach and now dominates the online landscape. When Google speaks, the web listens – and when it comes to TLS requirements, Google has spoken very clearly.
In their ‘Moving Forward, Together’ roadmap, released on March 3rd, Google announced their intention to reduce the maximum validity period of public TLS certificates from 398 days to 90 days. Thus far, there has been no indication as to the specific timing of this transition, but it is likely that the 90-day maximum will be in effect by the end of 2024.
Why the change?
In the roadmap, Google states that the reduction in certificate lifespan will encourage ‘automation and the adoption of practices that will drive the ecosystem away from baroque, time-consuming, and error-prone issuance processes’. In other words, Google are proposing this change in order to prompt a shift away from manual certificate management, and it isn’t too difficult to see why.
If you were only looking after one certificate, 90 days may not be much of a problem, but the reality is that no one who is dealing with TLS certificates will be dealing with just one. In fact, many enterprises will be dealing with hundreds, perhaps even thousands of digital certificates, potentially from multiple different Certificate Authorities (CAs). If it sounds like a daunting prospect, that’s because it is. Manual renewal and deployment of certificates already has its issues, including the significant time and resource expenditure for IT security teams, as well as the much greater risk from both outside cybersecurity threats and simple human error. Reducing certificate lifespan will only exacerbate these existing issues.
Learn more about 90-day certificate validity in this webinar:
The message is clear: manual certificate management will soon be a thing of the past.
What’s the solution?
The good news is that, in this instance, the solution already exists: automated certificate management.
Sectigo Certificate Manager is a CA agnostic Certificate Lifecycle Management (CLM) platform, specifically built to automate digital certificate lifecycles, regardless of the issuing Authority. The platform can assist with discovery of digital certificates across the whole enterprise environment, provide notification of certificate expirations, and automatically provision and deploy renewal and replacement certificates. This not only greatly reduces the strain on security teams, but also virtually eliminates the risk of human error.
The even better news is that Sectigo are ready for Google’s proposed change – in a recent Q&A, they had this to say about the reduction in certificate lifespan:
At Sectigo, we agree that the benefits of short-lived certificates are clear and concur with Google’s assessment that these changes will help improve the overall security of the ecosystem.
Not only are Sectigo in favour of this change, but they have also been predicting the trend towards shorter certificate lifespans since 2019. What does this mean from a customer perspective? Put simply, it means that Sectigo have been preparing for this eventuality for years, and their platform is more than equipped for it.
Are you ready for 90-day certificates? Find out more about the first and most comprehensive CA agnostic CLM on the market here: