The 200-Day Turning Point: Why Shorter Certificate Lifecycles Signal a New Era of Digital Trust 

By Ewan Ferguson, CEO, FullProxy

At FullProxy, we’ve been spreading the message of shortened certificate lifecycles for over a year. In this time, we’ve seen it turn from a mainly ‘we didn’t know about this’ issue to a ‘we’re a little bit familiar, but we haven’t got anything in place’ issue. This was one of our key takeaways from attending DIGIT Expo in November and talking to key industry professionals; most people don’t know a change is coming, and if they do know – they don’t have a strategy for it.  

From March 2026, the maximum validity of publicly trusted TLS/SSL certificates will drop to 200 days. It’s one of the most significant trust-framework changes we’ve seen in years, and it represents far more than a tweak to compliance timelines. It marks the acceleration of a global transition toward crypto-agility, automation, and post-quantum readiness. 

For many, this is the moment where certificate management transforms from an operational chore into a strategic risk domain. And like every major shift in digital security, those who prepare early will benefit most. 

Why This Shift Matters Now 

Most conversations on the 200-day rule focus on operational consequences: “We’ll need to renew more often.” True, but that’s the least important part of the story. 

This change is driven by three global forces shaping today’s trust landscape: 

1. The march toward Post-Quantum Cryptography (PQC) 

The UK’s NCSC, NIST in the US, and major browser vendors have been clear: IT teams must be crypto-agile well before quantum-safe standards are fully deployed. Shorter certificate lifecycles make it easier to introduce new algorithms rapidly and deprecate vulnerable ones. This agility is essential in the years ahead. 

2. A shrinking window of acceptable risk 

Long-life certificates create long-life vulnerabilities. A compromised key or mis-issued certificate becomes a threat for more than a year. A shorter lifespan dramatically reduces exposure.

3. A global move toward automation 

Let’s be honest, manual certificate management was already unsustainable for most. The new timelines will make it impossible. Automation isn’t a luxury anymore; it’s a prerequisite for operational sanity. 

Our Experience with Digital Certificates 

Across a decade supporting enterprise infrastructures, we’ve seen the consequences of certificate sprawl and manual processes play out repeatedly: 

  • Major customer-facing outages triggered by a single forgotten renewal 
  • Unknown certificates living unnoticed on legacy devices 
  • Overlapping validation processes creating unnecessary renewal delays 
  • Teams firefighting rather than operating strategically 

Those that avoid these pitfalls are the ones that treat certificates as a moving system, not a static asset. They build visibility, automation, standardization and governance into the core of their operations. 

Proactive Steps You Can Take Now 

Some businesses will wait until 2026 to react. They will be the ones facing outages, SLA breaches, and board-level questions. 

The smart organisations are preparing in four key ways: 

1. Achieving full visibility of their certificate estate 

You can’t automate what you can’t see. Discovery and inventory must come first. 

2. Building end-to-end automation 

API-driven or ACME-based renewal workflows are now essential, not optional. 

3. Aligning internal PKI with external best practice 

While private certificates aren’t bound by the new limits, harmonising lifecycles reduces complexity and strengthens governance. 

4. Testing crypto-agility 

Organisations need to be ready to rotate keys, algorithms, and trust models far more frequently than before. Shorter certificate lifecycles become the proving ground for this. After your automation is established, certificate validity becomes just another adjustable parameter. As lifecycles shorten, updating a single value is all that’s needed. You can even start reducing certificate validity early to accelerate improvements to your security posture.
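
An added example, not FullProxy's tooling: a small Python audit that treats maximum validity and the renewal point as adjustable parameters, run over a constructed inventory whose dates use the format printed by `openssl x509 -noout -dates`. The hostnames, dates and the two-thirds renewal point are assumptions; the 200-day limit is the figure given above.

```python
import ssl
from datetime import datetime, timezone

# Policy values. 200 days is the article's figure; the renewal point is an assumption.
MAX_VALIDITY_DAYS = 200
RENEW_AT_FRACTION = 2 / 3  # renew once two thirds of the lifetime has elapsed

# Constructed inventory (made-up hosts and dates), as `openssl x509 -noout -dates` prints them.
INVENTORY = [
    ("shop.example.test",
     "notBefore=Sep  1 00:00:00 2025 GMT", "notAfter=Oct  1 00:00:00 2026 GMT"),
    ("api.example.test",
     "notBefore=Apr  1 00:00:00 2026 GMT", "notAfter=Oct 18 00:00:00 2026 GMT"),
    ("legacy-vpn.example.test",
     "notBefore=Nov  1 00:00:00 2025 GMT", "notAfter=May  5 00:00:00 2026 GMT"),
]

def parse_openssl_date(line):
    """Turn 'notAfter=May  5 00:00:00 2026 GMT' into an aware UTC datetime."""
    value = line.partition("=")[2]
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)

def audit(inventory, now, max_days=MAX_VALIDITY_DAYS, renew_fraction=RENEW_AT_FRACTION):
    """Classify each certificate against the current policy values."""
    findings = []
    for host, before_line, after_line in inventory:
        not_before = parse_openssl_date(before_line)
        not_after = parse_openssl_date(after_line)
        lifetime = not_after - not_before
        renew_by = not_before + lifetime * renew_fraction
        if now >= not_after:
            status = "expired"
        elif now >= renew_by:
            status = "renew_now"
        else:
            status = "ok"
        findings.append({
            "host": host,
            "validity_days": lifetime.days,
            # True means this lifetime is longer than the policy allows.
            "exceeds_limit": lifetime.days > max_days,
            "renew_by": renew_by.date().isoformat(),
            "status": status,
        })
    return findings

if __name__ == "__main__":
    for row in audit(INVENTORY, datetime(2026, 6, 1, tzinfo=timezone.utc)):
        print(row)
```

Tightening the policy later means changing `max_days` or `renew_fraction` and re-running the audit; the inventory and the code stay the same.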

Where FullProxy Stands in This Moment 

Marking our 10-year anniversary has made us reflective at FullProxy, but also determined to do something about it. 

A decade ago, our work was largely focused on traditional load balancing and application delivery. Today, the attack surface is broader, the trust model more complex, and the consequences of small errors far more severe. Certificate automation and crypto-agility have become central pillars of online trust and cyber resilience. 

Our consultants are already helping teams prepare for the 200-day shift: 

  • Auditing estates 
  • Implementing automation tools that significantly lighten the burden 
  • Aligning PKI strategy with PQC roadmaps 

If the last ten years were about digital transformation, the next ten will be about digital trust transformation. 

A Final Thought as We Enter Our Second Decade 

Shorter certificate lifecycles may feel like an administrative inconvenience, but they are, in truth, a gift. They force you to modernise, automate, and harden your trust posture before quantum-era threats make such changes urgent. 

It’s an inflection point. 

Those who embrace automation and crypto-agility now will step into the post-quantum era with confidence. Those who don’t will find themselves racing to catch up at the worst possible moment. 

At FullProxy, as we celebrate ten years of navigating change with our customers, our message is simple: 

The countdown to 200-day certificates has begun, but the journey to post-quantum readiness is only just starting. Let’s take it together.