Three crises at the same time: 47-day certificates, exploding PKI and post-quantum migration. Certificate Lifecycle Management makes your infrastructure future-proof.

Context and next steps from SwissSign. The CA/Browser Forum has decided to gradually reduce the lifespan of SSL/TLS certificates and the validity period for domain verification, with far-reaching consequences for IT teams worldwide. Here's a brief summary of the situation and how we at SwissSign will continue to support you.

As of 15 March 2027, the use case "Client Authentication" may no longer be included in public TLS/SSL certificates, otherwise they would no longer be considered trustworthy by Google Chrome. Check in good time whether and to what extent you are using TLS/SSL certificates in this way, and what alternatives are available for your encryption - background and recommendations from SwissSign.

«SwissSign Gold CA - G2» retires from Chrome and Mozilla for TLS certificates. For almost all SwissSign customers, no action is required, as SwissSign's root «SwissSign RSA TLS Root CA 2022 – 1» continues to be valid. Both browser vendors will withdraw trust for SSL/TLS for the legacy root as part of their annual clean-up of older public roots.

E-mails are relatively easy to intercept and read – or even to manipulate – if they are not encrypted. The solution: e-mail certificates (S/MIME).

DNS Validation with Persistent Value Defined and Allowed From November 2025 (Ballot SC-088v3).