TLS (Transport Layer Security) is a cryptographic protocol that allows secure communication over a network. It uses a certificate issued by a trusted CA (certificate authority) to authenticate the server and establish encrypted connections between clients and servers. These certificates must be renewed periodically to ensure continued data privacy.
- Right now, TLS certificates can be valid for up to 398 days.
- Starting March 15, 2026, that limit will drop to 200 days.
- By March 15, 2027, it will decrease again to just 100 days.
- And by March 15, 2029, the maximum validity will be only 47 days.
Why is this happening?
These progressively shorter lifespans are being adopted because the information contained in TLS certificates becomes less reliable over time. To maintain trust and data integrity, certificates must be re-validated more frequently. This shift makes manual renewal processes inefficient and impractical, so automation becomes essential.
Shorter certificate lifetimes also help minimize the risk of continuing to use revoked or compromised certificates.
SecurityGateway makes TLS certificate updates easy
Fortunately, SecurityGateway now makes automation of SSL/TLS certificate renewal simpler than ever.
Under the Setup/Users | System | Encryption menu in SecurityGateway, you’ll find a setting that, when enabled, will automatically detect and activate newer certificates as soon as they’re available—no manual steps required. This means administrators have complete flexibility in how they automate renewals, while SecurityGateway ensures a seamless transition to updated certificates.
What does this mean for administrators?
This new, automated certificate activation capability makes SSL/TLS certificate updates much easier. There’s no longer a need to rely on specific tools like Let’s Encrypt. You can use any certificate management solution that installs certificates to the correct location in the Windows certificate store.
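As an added example (not SecurityGateway's or the vendor's own code), the PowerShell report below applies the validity schedule listed above to the newest certificate per subject, which is a quick way to confirm that an external renewal job is keeping up. The `Cert:\LocalMachine\My` store path, the `$WarnDays` threshold, the rule that each limit applies by issuance date, and the sample records are assumptions.

```powershell
# Validity ceilings from the schedule above, newest first. Assumption: a ceiling
# applies to certificates issued (NotBefore) on or after its date.
$Schedule = @(
    @{ IssuedFrom = [datetime]'2029-03-15'; MaxDays = 47 }
    @{ IssuedFrom = [datetime]'2027-03-15'; MaxDays = 100 }
    @{ IssuedFrom = [datetime]'2026-03-15'; MaxDays = 200 }
    @{ IssuedFrom = [datetime]::MinValue;   MaxDays = 398 }
)

function Get-CertRenewalReport {
    param(
        [object[]]$Certs,               # objects with Subject, NotBefore, NotAfter
        [datetime]$Now = (Get-Date),
        [int]$WarnDays = 15             # hypothetical alert threshold
    )
    # Only the newest certificate per subject matters: it is the one a
    # "use the newest certificate" setting would pick up.
    foreach ($group in ($Certs | Group-Object Subject)) {
        $newest = $group.Group | Sort-Object NotBefore -Descending | Select-Object -First 1
        $limit  = ($Schedule | Where-Object { $newest.NotBefore -ge $_.IssuedFrom } |
                   Select-Object -First 1).MaxDays
        $validDays = [math]::Ceiling(($newest.NotAfter - $newest.NotBefore).TotalDays)
        $daysLeft  = [math]::Floor(($newest.NotAfter - $Now).TotalDays)
        $status = if ($daysLeft -lt 0) { 'EXPIRED' }
                  elseif ($daysLeft -le $WarnDays) { 'RENEWAL OVERDUE' }
                  elseif ($validDays -gt $limit) { 'OVER LIMIT' }
                  else { 'OK' }
        [pscustomobject]@{
            Subject = $group.Name; Copies = $group.Count; Issued = $newest.NotBefore
            ValidDays = $validDays; Limit = $limit; DaysLeft = $daysLeft; Status = $status
        }
    }
}

# Constructed sample records. On a server, pass the store contents instead:
#   Get-CertRenewalReport (Get-ChildItem Cert:\LocalMachine\My)   # store path is an assumption
$now = [datetime]'2026-06-01'
$sample = @(
    [pscustomobject]@{ Subject = 'CN=mail.example.test'; NotBefore = $now.AddDays(-390); NotAfter = $now.AddDays(8) }
    [pscustomobject]@{ Subject = 'CN=mail.example.test'; NotBefore = $now.AddDays(-5);   NotAfter = $now.AddDays(195) }
    [pscustomobject]@{ Subject = 'CN=gw.example.test';   NotBefore = $now.AddDays(-30);  NotAfter = $now.AddDays(335) }
    [pscustomobject]@{ Subject = 'CN=old.example.test';  NotBefore = $now.AddDays(-190); NotAfter = $now.AddDays(10) }
)
Get-CertRenewalReport -Certs $sample -Now $now | Format-Table -AutoSize
```

A subject whose newest certificate shows `RENEWAL OVERDUE` means the renewal tooling has not delivered a replacement to the store, so there is nothing newer for automatic activation to pick up.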