Code Signing Certificates’ Lifespans to Drop to One Year

Starting March 1, the lifespans of software-signing digital certificates will be reduced from 39 months to 15 months. Order a 2- or 3-year certificate ASAP before they’re officially gone

Editor’s Note: Major CAs, including DigiCert and Sectigo, are rolling out these changes ahead of the March 1 deadline.

Shorter code signing certificate lifespans = more secure software supply chains

There have been numerous industry shake-ups in recent years regarding certificate validity periods. Since 2015, we’ve watched the CA/Browser Forum steadily march down SSL/TLS certificate validity periods

from five years to one year. (Validity will drop to 47 days by 2029.) The idea is to make digital certificates more secure by:

• decreasing the validity period of certificates (so their cryptographic keys are replaced more frequently and are valid for less time in the event they become compromised)
• ensuring that the most up-to-date algorithms are in use and certificates are compliant with industry standards
• ensuring individual and organizational identity data remains as current as possible (which is good when employees leave your organization)

For code signing certificates, these benefits strengthen your software supply chain. Historically, code signing certificates have been issued with one- to three-year validity periods. Starting on or before March 1, 2026, code signing certificates will be valid for no more than 460 days. (Most CAs are rolling out these changes ahead of time to mitigate last-minute validation delays and other issues.)

What do these certificate lifespan changes mean for your business, and what do you need to do to prepare?

Let’s hash it out.

The post Code Signing Certificates’ Lifespans to Drop to One Year appeared first on Hashed Out by The SSL Store™.