Certificate Lifecycle Management (CLM)

47-day certificates are coming. Is your team ready?

As of March 2026, TLS certificate lifetimes dropped to 200 days, and this window keeps shrinking. The organizations that prepare now won’t be scrambling later.


March 2026

Max TLS lifetime drops to 200 days

In effect now

March 2027

100 days – renewals double in frequency

Less than 12 months away

March 2029

47 days – manual renewal impossible at scale

Act now

Preparing now gives your team time to adapt, automate, and stay ahead.
Don’t wait until certificate renewals become a daily challenge.

The Problem: Why This Matters

8× more renewals by 2029
Going from 398-day to 47-day lifetimes multiplies renewal work 8-fold. Most teams are not ready for this.

73% of certificate outages are preventable
They happen because no one had a complete, live view of what was about to expire.

1 person holds the knowledge
In most organizations, certificate knowledge lives in one person’s head or one spreadsheet: a single point of failure.

Digital trust

How CLM Works:
3 Steps From Chaos to Full Control

1. Discover everything
We map your entire certificate estate. What you have, where it lives, when it expires. Most organizations find certificates they did not know existed.

2. Get clear insight
One view of every certificate, owner, and expiry date. No spreadsheets, no guesswork, just a clear picture of where you stand.

3. Automate the rest
Renewals happen automatically before certificates expire. No manual tracking, no last-minute scrambles, no outages.

Interested in early access?

BlueX is AET Europe’s certificate lifecycle management platform, currently in development — built to give your team full visibility and automated control over every certificate in your environment.

Learn more


Frequently Asked Questions

Whether you’re seeking technical support or general information, explore our FAQs to find the solutions you need. If you can’t find the answer you’re looking for, feel free to reach out to our team for further assistance.

What happens when a certificate expires?
Browsers and systems immediately stop trusting it — there is no gradual degradation. Services show security warnings, APIs refuse connections, and applications break without warning.
Why are certificate lifetimes getting shorter?
The CA/Browser Forum, backed by Apple, Google, Microsoft and Mozilla, has mandated shorter lifetimes to reduce the risk of compromised certificates being exploited. As of March 2026, the maximum is 200 days. By 2029 it will be 47 days.
What changes on March 15, 2026?
Newly issued public TLS certificates may be valid for a maximum of 200 days. This drops to 100 days in March 2027, and 47 days in March 2029.
What is BlueX?
BlueX is AET Europe's certificate lifecycle management platform, currently in development. It is designed to give organisations full visibility and automated control over their certificate estate.
How can AET Europe help us prepare?
Our specialists can review your current certificate setup, assess your exposure to the 2026 deadline, and advise on the right approach for your organisation. Get in touch to start the conversation.

Not sure where to start? Let’s talk.

Our specialists can review your current certificate setup, walk you through what the 2026 changes mean for your organisation, and show you what AET Europe is building to help.