The CA/Browser Forum continues shortening TLS certificate lifetimes. Version 2.1.6 of the Baseline Requirements reinforces a trajectory toward renewal cycles as short as 47 days for some certificate categories.
Certificate management becomes a continuous operational duty — not a quarterly task. Organizations relying on manual renewals, spreadsheets, or unmanaged public CAs face outage risk and growing audit pressure.
Operational impact
- More renewals per year at each milestone (200 → 100 → 47 days)
- Incomplete inventory of manual and shadow certificates
- Hybrid and air-gapped environments under renewal pressure
- Mandatory path toward automation readiness
How CertiShielder™ helps
- Trust Provisioning™ — sovereign issuance and renewal via Trust Profiles™
- Certificate Automation Readiness™ — objective readiness scores for 200 / 100 / 47 day horizons
- Trust Governance™ — read-only trust chain observation (SPAR™)
- Crypto Migration Ready™ — cryptographic agility assessment including PQC preparation
Official source: CA/Browser Forum TLS BR v2.1.6 (PDF)