Editor’s Note: This blog was originally published on 7th January 2025 but has since been updated to reflect industry changes and new insights.
Certificate lifespans are a hot topic with both Apple and Google reducing the validity period of SSL / TLS certificates. But it’s not just SSL / TLS being impacted, Code Signing certificates are facing similar trends.
Initiated by the Certificate Authority Browser Forum (CA/B Forum), the maximum validity period for Code Signing Certificates will be reduced from 39 months to 460 days.
What is Changing?
The CA/B Forum has directed that the maximum validity period for a Code Signing Certificate will be reduced from 39 months to 460 days.
When is This Change Happening?
This change will be coming into effect on 1 March 2026.
Why is This Shift Happening?
This new directive is being introduced by the CA/B Forum as part of their best practice guidelines aimed at enhancing the security of digital certificates. By reducing the lifespan of certificates, the intent is to limit potential exposure to vulnerabilities that could arise from outdated or compromised certificates. As a Certificate Authority, we are adopting this change in accordance with the industry standards set by the CA/B Forum.
Whilst reduced lifespans do mean more frequent renewals, short lived certificates do have considerable benefits:
- Enhanced Security: Shorter validity periods limit the exposure to takeover attacks, minimizing potential risks to your software and users.
- Streamlined Compliance: Shorter periods ensure your certificates reflect the latest security standards, keeping your software aligned with industry best practices. Additionally, more frequent renewals help you stay ahead of compliance requirements, reducing the risk of non-compliance.
How Does This Impact You?
The impact based on your certificate status and requirements are detailed below:
| Certificate Status | Proposed Impact |
|---|---|
| Existing Certificates | All existing GlobalSign Code Signing Certificates with a validity ranging from 2 years to 3 years will remain valid until their expiration date. However, any renewals or reissuances of these certificates after 24 February 2026 will need to comply with the new 460-day validity as per the CA/B Forum guidelines. |
| New and Renewed Certificates | From 27 December 2025, you will only be able to purchase GlobalSign Code Signing Certificates with a 1-year validity - 2-year and 3-year certificates will no longer be available to purchase. From 24 February 2026, any renewal or newly issued GlobalSign Code Signing Certificate will be subject to a maximum validity period of 460 days as per the CA/B Forum guidelines. |
| Certificate Reissuances | Any GlobalSign Code Signing certificate with a validity of 2 or 3 years ordered on or before the 26 December 2025, can be reissued with it's existing validity until 24 February 2026. After that, reissuances will be subject to the new validity of 460 days as per the CA/B forum guidelines. |
GlobalSign are Here to Help
The reduced validity period will make certificate renewals more frequent, so it is important to review your certificate inventory and renewals in preparation for the change. In addition, GlobalSign’s Support Team are on hand to guide you through these changes to make this transition as seamless as possible.
Atlas Discovery and Certificate Management at Your Fingertips
