Release Date: 2026-03-10
Compliance
-
Updated CIS Benchmark for Microsoft Windows Server 2019.
Bug Fixes and Minor Improvements
-
Improved certificate validation to align with new CA/B Forum Baseline Requirements.
TLS Certificate lifetimes
The CA/Browser Forum approved Ballot SC-081v3, which introduces a phased reduction of the maximum validity period and validation reuse periods for publicly trusted TLS subscriber certificates.
This change updates the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, specifically:
-
Section 6.3.2 – Certificate Validity Period
-
Section 4.2.1 – Reuse of validation data
The current maximum lifetime for publicly trusted TLS certificates is 398 days. Under Ballot SC-081v3, the maximum validity period will be reduced in several phases between 2026 and 2029.
The dates below indicate when the new limits apply to certificates issued on or after the specified date. Certificates issued before the effective date are not affected and remain valid until their original expiration date.
Timeline for Maximum TLS Certificate Validity
2026-03-15
Maximum validity period for subscriber certificates: 200 days
2027-03-15
Maximum validity period for subscriber certificates: 100 days
2029-03-15
Maximum validity period for subscriber certificates: 47 days
Sources
CA/Browser Forum — Ballot SC-081v3: Introduce Schedule of Reducing Validity and Data Reuse Periods
https://cabforum.org/2025/04/11/ballot-sc081v3-introduce-schedule-of-reducing-validity-and-data-reuse-periods/
CA/Browser Forum — Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates (Section 6.3.2 and 4.2.1)
https://cabforum.org/baseline-requirements-documents/