Security News Reading Time: 5 minutes

From 398 Days to 90 Days: Google’s Proposal to Shorten TLS Certificate Validity – How Prepared Are You?

Organizations rely on Transport Layer Security (TLS) certificates to secure their online communications, protect sensitive information, and establish trust with their users. Recently, Google proposed a significant change (Moving Forward, Together) at the Certificate Authority/Browser (CA/B) Forum that focuses on automated certificate lifecycle management by reducing the validity of TLS certificates from 398 days to 90 days. In this article, we explore the implications of this proposal and highlight the critical role of automated certificate lifecycle management in maintaining a secure and efficient online environment.

Understanding Google’s 90-Day Proposal for TLS Certificates

Google’s proposal to reduce the validity of TLS certificates to 90 days aims to enhance security and promote quicker adoption of security updates. Traditionally, TLS certificates have had a validity period of one or two years. However, this extended validity exposes organizations to risks such as undetected compromises and outdated encryption algorithms. By shortening the certificate validity to 90 days, Google aims to encourage more frequent certificate renewals, reducing the window of vulnerability and ensuring organizations stay updated with the latest security measures.

How Google’s Proposed Change Could Impact Your Organization?

Google’s proposal to reduce the validity of TLS certificates to 90 days has significant implications for organizations that rely on manual certificate management processes. Manual certificate management already poses various challenges, and this proposed change further amplifies the difficulties organizations face.

With the reduced validity period, organizations will be required to renew their certificates more frequently, potentially exacerbating the complexities and risks associated with manual management. The shorter validity window burdens IT teams, who must diligently track expiration dates, initiate renewal processes, and ensure the timely deployment of updated certificates across various domains, subdomains, and servers.

Manual certificate management often involves laborious tasks such as tracking expiration dates using spreadsheets, manually installing and configuring certificates, and keeping up with compliance requirements. These manual processes are error-prone and time-consuming and can lead to issues such as expired certificates, misconfigurations, and compliance violations.

Moreover, the proposed change necessitates a heightened focus on security updates and patches. Organizations must diligently stay informed about the latest security vulnerabilities and encryption algorithms to ensure their certificates align with the evolving best practices. Failure to keep up with these updates can leave organizations vulnerable to potential compromises and exploitation of outdated encryption standards.

In light of Google’s proposal, organizations relying on manual certificate management processes will face even greater pressure to adapt their workflows and adopt automated certificate lifecycle management solutions.

Benefits of Automating Certificate Lifecycle Management

Automated certificate lifecycle management brings numerous advantages to organizations, enabling them to overcome the challenges associated with manual processes. By implementing an automated approach, organizations can enjoy the following benefits:

  1. Enhanced Security

    It ensures timely certificate renewals and updates, reducing the risk of expired or compromised certificates. It enables organizations to adopt the latest security protocols, algorithms, and cryptographic standards, enhancing the overall security posture.

  2. Time and Cost Savings

    Automation streamlines the certificate management workflow, eliminating the need for manual tracking, renewal, and installation processes. This significantly reduces the time and resources required to manage certificates, allowing IT teams to focus on more strategic initiatives.

  3. Centralized Management

    With an automated solution, organizations can centrally manage all their certificates from a single platform. This provides a holistic view of the certificate landscape, simplifies the management process, and ensures consistent policy enforcement across the entire infrastructure.

  4. Proactive Monitoring and Alerts

    Automated certificate lifecycle management solutions often include monitoring capabilities that proactively identify issues such as impending certificate expirations, weak encryption algorithms, or misconfigurations. Real-time alerts enable IT teams to address potential risks promptly and prevent service disruptions.

  5. Compliance and Reporting

    Automated solutions facilitate compliance with industry regulations and standards by providing comprehensive reporting and audit trails. This simplifies the auditing process and helps organizations demonstrate adherence to best practices and regulatory requirements.

By transitioning from manual certificate management to automated solutions, organizations can ensure timely certificate renewals, minimize the risk of expired certificates, and streamline the entire certificate lifecycle. Automation allows IT teams to focus on strategic initiatives rather than manual tracking and administration, ultimately improving security, compliance, and the overall efficiency of certificate management practices.

Want to know how we can assist you?

Encryption Consulting’s CertSecure Manager is an advanced solution designed to address the challenges of manual certificate management and assist organizations in meeting these upcoming requirements. With its comprehensive features, including lifecycle management, certificate discovery, inventory management, issuance, deployment, renewal, revocation, and reporting capabilities, CertSecure Manager streamlines the entire certificate management process through end-to-end automation.

Additionally, CertSecure Manager’s built-in alerts provide timely notifications for critical events such as upcoming certificate expirations, allowing organizations to take proactive measures and prevent service disruptions. With a focus on security and compliance, CertSecure Manager helps organizations meet the highest industry standards, such as PCI-DSS, HIPAA, and GDPR, ensuring a secure and compliant certificate infrastructure. By leveraging CertSecure Manager, organizations can effectively manage their certificates, enhance security, save time and resources, and maintain a strong online presence while aligning with Google’s proposed TLS certificate validity reduction.


Given Google’s proposal to reduce the validity of TLS certificates to 90 days, organizations need to adjust their certificate management practices to maintain a secure and efficient online environment. The implications of this change are significant, particularly for organizations relying on manual certificate management processes. The challenges of manual management, including the increased frequency of certificate renewals, tracking expiration dates, and ensuring timely updates across domains and servers, become even more pronounced with the reduced validity period. Automated certificate lifecycle management solutions like CertSecure Manager provide a compelling answer to these challenges.

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.


About the Author

Yathaarth Swaroop is a Consultant at Encryption Consulting, working with PKIs, HSMs and working as a consultant with high-profile clients.

Explore the full range of services offered by Encryption Consulting.

Feel free to schedule a demo to gain a comprehensive understanding of all the services Encryption Consulting provides.

Request a demo