CyberArk, a global leader in identity security, has launched the TLS Certificate Renewal Impact Calculator and TLS Certificate Discovery Scan to assist IT and security leaders in preparing for the mandated reduction of Transport Layer Security (TLS) certificate lifespans, which will shrink to 200 days by March 2026 and further to 47 days by 2029.
The CA/Browser Forum’s phased mandate to shorten public TLS certificate validity periods will necessitate organizations to renew certificates more frequently, potentially eight times annually or even monthly. This change represents a significant operational challenge, particularly for organizations still relying on manual renewal processes.
CyberArk research highlights the growing risk, indicating that 72% of security leaders experienced at least one certificate-related outage in the past year. Of these, 67% encountered monthly outages and 45% faced weekly disruptions. The study also projects a substantial increase in labor hours: a company managing 500 certificates, currently spending approximately 2,000 labor hours annually, could see this figure escalate to over 24,000 hours by 2029. This would necessitate expanding a two-person team to 24 personnel solely for certificate management.
Kurt Sand, General Manager of Machine Identity Security at CyberArk, stated, “Shorter certificate lifespans are more than a compliance shift — they are a business risk.” He added that organizations will face a surge in renewals that manual processes cannot sustain, potentially leading to higher costs, operational strain, and system outages with financial and reputational consequences. Sand emphasized that CyberArk’s new tools aim to simplify understanding exposure and building a case for automation before disruptions occur.
The new certificate calculator and scanning tools are designed to help organizations understand their specific exposure by visualizing the impact of shorter lifespans on renewal volumes and labor requirements. They also enable informed decision-making by quantifying operational costs and the return on investment (ROI) of automation, thereby aiding in building a business case for modernization. Additionally, the tools support proactive transition to automated certificate lifecycle management, aiming to reduce outages, save time, and improve organizational resilience.
These tools are integrated within the CyberArk Identity Security Platform, which provides comprehensive capabilities for managing machine and human identities across multi-cloud environments, ensuring dynamic privilege controls for all identity types.
Organizations can access the TLS Certificate Renewal Impact Calculator and the TLS Certificate Discovery Scan to identify expired, soon-to-expire, misconfigured, or non-compliant public-facing certificates.
