Ballot SC-081: Certificate Validity Reduction Passed, Making Automation Mandatory

Certificate Validity down to 47 days by 2029; DCV Reuse to 10 days by 2028.
Certificate Validity down to 47 days by 2029; DCV Reuse to 10 days by 2028

Apple drafted a CA/Form ballot to gradually reduce the maximum certificate validity period from the current 398 days to 47 days by 2029. 

 
Proposed Schedule for Certificate Validity & Domain Validation Data Reuse Reduction

*As of April 2025, The voting period for  Ballot SC-081 has completed. The ballot has: PASSED. 

 

 Voting Result
  • Certificate Issuers: 30 votes in total

* 25 voting YES: Amazon, Asseco Data Systems SA (Certum), Buypass AS, Certigna (DHIMYOTIS), Certinomis, DigiCert, Disig, D-TRUST, eMudhra, Fastly, GlobalSign, GoDaddy, HARICA, iTrusChina, Izenpe, NAVER Cloud Trust Services, OISTE Foundation, Sectigo, SHECA, SSL.com, SwissSign, Telia Company, TrustAsia, VikingCloud, Visa

* 0 voting NO

* 5 ABSTAIN: Entrust, IdenTrust, Japan Registry Services, SECOM Trust Systems, TWCA

  • Certificate Consumers: 4 votes in total

* 4 voting YES: Apple, Google, Microsoft, Mozilla

* 0 voting NO

* 0 ABSTAIN

 

The impact on industry
  •  More Renewals, More Workload – Frequent renewals increase the IT team’s burden, making manual certificate management impractical for large enterprises.
  • Automation Demand – Shorter validity periods make automated certificate lifecycle management (CLM) essential. ACME adoption is now a must, along with managed PKI and third-party integrations.
  • Enhanced Security – Reduces risks from compromised or misissued certificates and promotes best practices for certificate management.
 
Get Ready for Shorter Certificate Validity with TuringSign!

Our CertifyID TLS Manager platform provides a REST API and support for the ACME protocol, which allows to automate the certificate life-cycle management.

 

Latest Post

0
    0
    Your Cart
    Your cart is empty

    Trustworthy AI for Better SSL

    TuringSign is actively innovating in cutting-edge AI technology to make traditional SSL workflows quicker, more efficient, more accurate and less costly.

    We apply automation to routine tasks including technical support and high assurance organization validation. This not only saves time but also minimizes errors and ensures faster, more reliable support for TuringSign users. With AI handling routine queries and tasks, your team can focus on more complex issues.

    Compare & Buy

    Automation for Unmatched Speed

    Check mark with hand icon.

    Full Automation

    Fully Automate your SSL Management with ACME

    Analysis analytics column graphic improvement icon.

    Fastest OCSP

    Boost Page Loading Speeds with our Industry-Leading OCSP

    Achievement icon.

    Priority Validation

    Get High-Assurance Certificates Faster than ever

    Compare & Buy

    Best Value Pricing

    Lowest Prices for Best-in-Class Products : Affordability with excellence.

    Standard DV SSL

    DigiCert $64
    Sectigo $99
    GlobalSign $249
    GoDaddy $69
    TuringSign $59

    Wildcard DV SSL

    DigiCert $629
    Sectigo $499
    GlobalSign $849
    GoDaddy $349
    TuringSign $259

    Single OV SSL

    DigiCert $312
    Sectigo $199
    GlobalSign $349
    Entrust $199
    TuringSign $179

    Wildcard OV SSL

    DigiCert $984
    Sectigo $879
    GlobalSign $949
    Entrust $799
    TuringSign $699

    EV SSL

    DigiCert $468
    Sectigo $279
    GlobalSign $599
    GoDaddy $399
    TuringSign $209

    Source: Netcraft SSL Server Survey, August 2024. Provided for reference only. 3rd Party prices may have change.

    Compare & Buy

    Join the Waitlist

    Next Steps

    1. Validate Domain (Authenticate domain depending on which method you choose)

    Check the email that has been sent to you. To confirm the domain ownership rights for your certificate, you need to copy the validation code from the approval email, follow the link in it and paste the validation code into the corresponding field.

    From the email, please click the link to the verification page, Once in the verification page, please enter the code provided in the email for verification.

    That’s it!

    After you have completed verification, a confirmation email will be sent to you. And shortly after, an issue confirmation will be sent to you via email. You can follow the link to the portal to download your newly issued certificate.

    If you have followed the steps above and did not receive an approval email to your mailbox, please click the link to the portal and double check your validation method or contact us for help. 

    Another way of verifying a domain is DNS (TXT record) Verification. If you selected DNS Authentication as your verification method, you will receive a unique TXT record via email consisting of two parts:

    • 1. Name: Name/Host/Alias/TXT: Blank or @
    • 2. Value/Points to/Destination:”wisekey=XXXXXXX”
    • TTL: This is your TTL (Time-To-Live) value. Set it to 3600 or lower.

    Verify by adding a TXT record in your DNS. Please verify and check if you have added the correct record

    Please submit a requestfor support if you face any issues.

    Depending on your DNS provider, You may have to wait for at least an hour for the changes to take effect in the DNS Servers. You will be notified via email when the domain is verified.

    The third method of verifying a domain is HTTP File Upload Verification. After choosing File Authentication as your verification method, you will receive an email and be asked to download a unique verification file (Format: .txt) and upload it to a specific directory on your web server.



    Verify by uploading the attached file fileauth.txt in your web server as follows:



    • 1. Download the text file fileauth.txt (attached with the email).
    • 2. Upload the above file (fileauth.txt) to your host in this EXACT path: http://my-domain.com/.well-known/pki-validation/fileauth.txt


    You may have to wait for at least an hour for the changes to take effect in the validation services. You will be notified via email when the domain is verified.

    Please submit a request for support if you face any issues.

    2. Receive Confirmation (After validation an email will be sent with a link to certificate)

    3. Download certificate and upload to hosting

    Notice: After generating a CSR,
    1. Copy the Private KEY and keep this to yourself for reference.
    2. Copy only the CSR above and use(paste)
    in to request your TS Certificate.
    3. Click the top left button to close.

    TuringSign
    Powered by  GDPR Cookie Compliance
    Privacy Overview

    This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.