New CA: TLS/SSL certificate validity reduced to 198 days from 9 March 2026
The maximum validity of TLS/SSL certificates will be reduced from 398 to 200 days, in accordance with Ballot SC-081 of the CA/Browser Forum. SwissSign will implement this change on 9 March 2026 and allow a validity period of 198 days instead of 365.
Background: This is the first step of the lifespan reduction for TLS/SSL certificates as prescribed by the CA/Browser Forum in April 2025. Further reductions to 100 days (March 2027) and 47 days (March 2029) will follow.
What changes on 9 March 2026 for SwissSign TLS/SSL certificates:
- Maximum certificate validity: 198 days (down from 365)
- Domain validation reuse period: 198 days (down from 365)
- Subject Identity Information (SII) reuse for OV certificates: 12 months (down from 25 months)
What you need to do: If you specify validity periods in certificate requests via REST API or CMC, update these values as follows. You may set shorter lifespans if preferred.
- REST API: validity=365 → validity=198
- CMC: validity=365d → validity=198d
- Existing domain validations older than 198 days (i.e. validations done before 23 August 2025) will no longer be valid. These domains must therefore be revalidated before TLS/SSL and S/MIME certificates can be issued for them.
- RAOs for MPKI OVs whose identity was validated more than 13 months ago must have it revalidated to be able to log in to the MPKI portal.
Going forward, renew your domain validation at least every 198 days and your subject identity information at least every 12 months directly through our Managed PKI. You will receive individual automated reminders.
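The following pre-flight check is an added example, not SwissSign code and not part of the original notice: it caps a requested validity at the limit in force on the planned issuance date and flags domain validations that are too old to reuse. The function names and the sample domain inventory are constructed for illustration; the dates and limits are the ones stated above.

```python
from datetime import date, timedelta

# Values taken from the notice above.
CHANGE_DATE = date(2026, 3, 9)   # SwissSign switches to the new limits
NEW_LIMIT_DAYS = 198             # max validity and domain validation reuse
OLD_LIMIT_DAYS = 365             # limit before the change


def limit_on(issue_date: date) -> int:
    """Limit in days that applies to a certificate issued on issue_date."""
    return NEW_LIMIT_DAYS if issue_date >= CHANGE_DATE else OLD_LIMIT_DAYS


def clamp_validity(requested_days: int, issue_date: date) -> int:
    """Validity to put in a request: shorter lifetimes are kept, longer ones capped."""
    if requested_days <= 0:
        raise ValueError("validity must be a positive number of days")
    return min(requested_days, limit_on(issue_date))


def audit_validations(validations: dict, issue_date: date) -> dict:
    """Classify each domain validation for an issuance planned on issue_date.

    A validation is reusable while it is not older than the reuse period
    (age of exactly 198 days still counts, matching the 23 August 2025 cutoff).
    'revalidate_by' is the last day it can still be reused under the new limit.
    """
    report = {}
    for domain, validated_on in validations.items():
        age = (issue_date - validated_on).days
        report[domain] = {
            "age_days": age,
            "reusable": 0 <= age <= limit_on(issue_date),
            "revalidate_by": validated_on + timedelta(days=NEW_LIMIT_DAYS),
        }
    return report


# Constructed inventory: domain -> date of last successful domain validation.
SAMPLE = {
    "example.ch": date(2025, 8, 22),
    "shop.example.ch": date(2025, 8, 23),
    "mail.example.ch": date(2026, 1, 15),
}

if __name__ == "__main__":
    for domain, row in audit_validations(SAMPLE, CHANGE_DATE).items():
        state = "ok" if row["reusable"] else "REVALIDATE"
        print(f"{domain:18} age={row['age_days']:3}d {state:10} by {row['revalidate_by']}")
    print("validity to request:", clamp_validity(365, CHANGE_DATE))
```

Running the audit with a planned issuance date some weeks ahead shows which validations will lapse before the next renewal window.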
Next steps: In summer 2026, SwissSign will introduce automated domain validation methods in line with CA/Browser Forum regulations.
Resources: Please read our article for an overview of the necessary steps and subscribe to our newsletter to receive more advice and regulatory updates.
These adaptations are the first steps of a longer process that will require most organisations to automate their certificate management. SwissSign offers seamless integration through REST interface standards (OpenAPI V3) and ACME, as well as a comprehensive certificate lifecycle management solution.
Please contact us if you require more information about our offering.
Best regards
Your SwissSign Team