Change in the validity of TLS/SSL certificates from February 2026
Starting February 24, 2026, TLS/SSL certificates will have a maximum validity of 199 days. The change responds to a new requirement from the CA/Browser Forum and seeks to strengthen digital security at a global level.
Starting February 24, 2026, TLS/SSL certificates issued through DigiCert CertCentral will have a maximum validity of 199 days, instead of the current 397 days.
This modification also applies to EU Qualified Website Authentication Certificates (QWAC) and QWAC PSD2.
The reduction in the validity of certificates is a measure defined at the industry level, established by the CA/Browser Forum, with the objective of improving security, limiting the impact of possible compromised keys and allowing a more agile cryptographic update in the face of new threats and standards.
Starting February 24, 2026, TLS/SSL certificates issued through DigiCert CertCentral will have a maximum validity of 199 days, instead of the current 397 days.
This modification also applies to EU Qualified Website Authentication Certificates (QWAC) and QWAC PSD2.
While shorter validity periods may require adjustments to certificate management, they also help reduce risks and increase the resilience of digital environments. At CertiSur we accompany our clients to anticipate and adapt to this change.
Impact on TLS/SSL certificates
- It will be possible to request certificates with validity greater than 199 days until February 24, 2026.
- All certificates issued after that date will have a maximum validity of 199 days, even if the original order contemplates a longer period.
- Pending applications issued from that moment on will automatically be adjusted to the new validity.
- Certificates issued before February 24, 2026 will not be affected and will maintain their original expiration date.
- However, if a certificate is reissued after that date, its validity will be limited to 199 days, even if it was originally longer.
Changes to organization and domain validations
From February 24, 2026, the validation reuse periods will also be modified:
- Organization validations (OV) will go from 825 to 397 days.
- Domain validations will be reduced from 397 to 199 days.
Impact on requests via API
Certificate requests made through the CertCentral API with a validity greater than 199 days will automatically adjust to the new limit. This measure seeks to avoid unexpected errors and guarantee the correct issuance of certificates.
At CertiSur we recommend that organizations anticipate this change, review their certificate management processes and advance automation strategies that facilitate future renewals. Our team is available to advise you and help you evaluate the impact of this update on your digital environments. If you have any questions, contact our support team.