New CA: TLS/SSL certificate validity reduced to 198 days from 9 March 2026

The maximum validity of TLS/SSL certificates will be reduced from 398 to 200 days, in accordance with Ballot SC-081 of the CA/Browser Forum. SwissSign will implement this change on 9 March 2026 and allow a validity period of 198 days instead of 365.

Background: This is the first step of the lifespan reduction for TLS/SSL certificates as prescribed by the CA/Browser Forum in April 2025. Further reductions to 100 days (March 2027) and 47 days (March 2029) will follow.

What changes on 9 March 2026 for SwissSign TLS/SSL certificates:

• Maximum certificate validity: 198 days (down from 365)

• Domain validation reuse period: 198 days (down from 365)

• Subject Identity Information (SII) reuse for OV certificates: 12 months (down from 25 months)

What you need to do: If you specify validity periods in certificate requests via REST API or CMC, update these values as follows. You may set shorter lifespans if preferred.

• REST API: validity=365 → validity=198

• CMC: validity=365d → validity=198d

Going forward, renew your domain validation at least every 198 days and your subject identity information at least every 12 months directly through our Managed PKI. You will receive individual automated reminders.

Next steps: Later this year, SwissSign will introduce automated domain validation methods in line with CA/Browser Forum regulations.

Resources: Please read our article for an overview of the necessary steps and subscribe to our newsletter to receive more advice and regulatory updates.

These adaptations are the first steps of a longer process that will require most organisations to automate their certificate management. SwissSign offers seamless integration through REST interface standards (OpenAPI V3) and ACME, as well as a comprehensive certificate lifecycle management solution.

Please contact us if you require more information about our offering.

Best regards
Your SwissSign Team