The CA/Browser Forum’s decision to progressively reduce maximum certificate lifetimes down to 47 days is not just a technical adjustment — it is a defining operational shift that will expose weaknesses in how most organizations manage certificates.
By the final phase, organizations will go from renewing certificates roughly 4 times per year (90-day certs) to nearly 8 times per year. That’s effectively quadrupling the renewal workload over time. What used to be a manageable quarterly task will become a near-monthly operational burden.
Expired certificates remain one of the leading causes of production outages. As renewal frequency increases dramatically, the probability of an outage grows exponentially — especially for organizations without strong governance in place.
Forward-thinking teams are moving away from bolting automation onto individual applications. Instead, they’re implementing a governance layer that sits in front of all certificate issuance — whether public (Let’s Encrypt, ZeroSSL) or internal CAs.
CertForge was built exactly for this moment.
A lightweight yet powerful governance proxy that brings policy enforcement, human approvals, audit trails, and SIEM integration — without the complexity and cost of traditional enterprise CLM platforms.
The 47-day era is coming in phases. Teams that start building proper governance now will have a significant operational and compliance advantage in the years ahead.