In April 2025, the CA/Browser Forum approved a plan to shorten the maximum validity of publicly trusted certificates to just 47 days. Enforcement begins in 2026 with 200-day certificates and tightens progressively until 47-day certificates become mandatory by 2029.
This shift increases renewal volume by 8-12x, overwhelming manual workflows and fragmented ownership models. The CyberArk 47-Day Readiness Discovery Scan is a rapid, no-cost way to assess your public TLS certificate landscape and prepare for the 47-day TLS certificate shift.
