Discovery Scan for Public TLS Certificates

The CA/B Forum has approved a phased policy to shorten public TLS certificate lifespans—from 398 days today to just 47 days by March 2029. The first enforcement hits in March 2026, dropping the maximum validity to 200 days, and again in 2027 to 100 days. These changes compress renewal windows and raise the stakes for teams managing public certificates. This TLS certificate scan helps you get ahead—by identifying gaps in visibility and laying the groundwork for 47-day certificate lifecycles.

CyberArk’s TLS Certificate Discovery Scan quickly reveals which public-facing certificates are expired, expiring soon, misconfigured, or non-compliant—so you can take action before it disrupts your business. You’ll be able to:

Get an inventory of your publicly trusted TLS certificates.

Identify TLS certificates nearing expiration to prevent unplanned outages.

Detect rogue, weak, or misconfigured TLS certificates before they trigger an outage.

Confirm certificates are issued by approved certificate authorities and align with your security policies.

No deployment required. Just sign up with your business email (we scan the domain tied to that email) and get a detailed report powered by CyberArk Certificate Manager.

It only takes minutes to start. Results can help guide your automation and compliance strategy.

man working

Start Your TLS Certificate Scan