On April 11, 2025, the CA/Browser Forum — an organization that sets standards for digital certificate systems (Public Key Infrastructure, PKI) — announced the results of the Ballot SC081v3 vote. The proposal introduces a systematic schedule to reduce the validity period of TLS/SSL certificates and the data reuse periods over the coming years, representing an important step in improving internet security.
Key Reductions
The Ballot SC081v3 includes two main changes:
- Reduction in Data Reuse Periods
For non-SAN validation data (standard domain validation), the reuse period will be shortened from 825 days to 398 days.
For SAN (Subject Alternative Name) validation, the reuse period will shrink from 398 days to 10 days.
This means Certificate Authorities (CAs) will need to re-verify domain and server information more frequently to ensure it remains accurate. - Reduction of Maximum Certificate Validity
The maximum lifespan of publicly trusted certificates will gradually be reduced. It is expected to begin in March 2026 and ultimately decrease to 47 days by March 2029.
Organizations will need to adjust their certificate lifecycle processes to accommodate these shorter validity periods.
Why These Reductions Matter?
TLS/SSL certificates are essential for securing communications between websites and users. The shortened timelines are expected to:
- Reduce the risk of outdated or incorrect information: Over time, domain and owner details change — shorter lifespans help ensure certificates reflect up-to-date information.
- Minimize the impact of misissued certificates: More frequent validation increases the likelihood that errors are detected and corrected quickly.
- Encourage automation: Shorter validity periods make automated certificate lifecycle management a necessity for many organizations.
- Improve long-term security: With shorter periods of validity, compromised certificates or outdated data pose reduced security risk and enable faster response to emerging threats.
Industry Support
The final vote results showed strong support from both certificate issuers and consumers:
- Certificate Issuers such as Amazon, DigiCert, GlobalSign, GoDaddy, Sectigo, and others voted in favor, with no opposing votes recorded.
- Certificate Consumers including major browser and platform vendors like Apple, Google, Microsoft, and Mozilla also voted in support.
Summary of Timeline
| Timeframe | Maximum Validity | Data Reuse Period Example |
| --------------| ------------------------- | -------------------------------- |
| 2025–2026 | ~398 days | Non-SAN: 825 → 398 days |
| 2027 | ~100–200 days | SAN: ~10 days |
| 2029 | ~47 days | – |
(These figures represent the agreed direction of the changes and will be implemented progressively.)
Conclusion
Ballot SC081v3 represents proactive changes in the Web PKI ecosystem aimed at enhancing the security and accuracy of digital certificates. By reducing certificate validity and data reuse periods, the industry moves toward more timely, reliable, and automated certificate management — significantly impacting how organizations handle digital security from 2026 and beyond.
References: Ballot SC081v3: Introduce Schedule of Reducing Validity and Data Reuse Periods (CA/Browser Forum) — https://cabforum.org/2025/04/11/ballot-sc081v3-introduce-schedule-of-reducing-validity-and-data-reuse-periods/
แหล่งอ้างอิง: https://cabforum.org/2025/04/11/ballot-sc081v3-introduce-schedule-of-reducing-validity-and-data-reuse-periods/