Navigate on SwissID

A data security specialist by Swiss Post
14.10.2025

New CA: Validity period for TLS/SSL certificates specified in days from January 2026 onwards

The validity period of SwissSign TLS/SSL certificates was previously specified in years. The unit will change to days. This change will be released into production in January 2026.

Background: In Spring 2025, the members of the CA/Browser Forum have decided by a large majority to gradually reduce the maximum validity period of publicly trusted TLS/SSL certificates to 47 days in 2029.

What will change and when: TLS/SSL certificates from SwissSign will be issued with validity periods specified in days (up to 365 days) instead of years. The corresponding change will be made

  • at the beginning of December 2025 on Pre-Prod and

  • in the middle of January 2026 on PROD.

A reminder will be provided a few weeks before the exact deadlines. We will also send emails to all direct MPKI holders.

What you need to do: If you are using validity periods in your certificate requests via REST API or CMC, you will need to update these values as follows:

  • REST API (validity=1) à (validity=365)

  • CMC (validity=1y) à (validity=365d)

Next steps: Further changes preparing SwissSign certificates for the new CA/Browser Forum regulations are planned for March 2026:

  • The maximum validity period of publicly trusted TLS/SSL certificates will be reduced to 200 days.

  • The maximum re-usability of domain validation information will be reduced to 200 days.

  • Subject Identity Information (SII) validations - such as organisation name, address and other identification features - can only be reused for 398 days (down from 825 days).

Resources: Please read our article for an overview of the necessary steps and subscribe to our newsletter to receive more advice and regulatory updates.

These adaptations are the first steps of a longer process that will require most organisations to automate their certificate management. SwissSign offers seamless integration through REST interface standards (OpenAPI V3) and ACME, as well as a comprehensive certificate lifecycle management solution.

Please contact us if you require more information about our offering.

Best regards

Your SwissSign Team

To overview

SwissSign

Ressources

Knowledge

Support

A data security specialist
by Swiss Post

The ‘Die Post’ logo takes you to the ‘Die Post’ website.