TLS Certificate Risks
We include risks in Hexiosec ASM that help you identify certificates with a validity period longer than the current recommendation.

Currently, the industry standard for web browsers is to enforce a maximum validity period of 398 days for TLS certificates. If a certificate fails the validity period check, someone browsing to a website using that certificate would be presented with a security warning.

The CA/Browser Forum has agreed a plan to reduce the maximum lifespan of certificates in steps starting from 15 March 2026. The aim is to improve online security by encouraging more frequent certificate renewals.

The full schedule:

- Until 15 March 2026, the maximum is 398 days
- From 15 March 2026, the maximum is 200 days
- From 15 March 2027, the maximum is 100 days
- From 15 March 2029, the maximum is 47 days

To help you prepare, Hexiosec ASM raises a medium severity risk if a certificate is identified with a validity period of over 398 days. New risks will be added over time as the maximum lifetime is reduced.

[Image: View of Explore page with an example of a TLS certificate with a validity period over 90 days]

This makes it easy to identify these certificates and take action to reduce their validity period. The best approach is to use an automated certificate lifecycle management tool, which automatically creates and deploys new certificates on a regular basis.
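To check your own inventory against the schedule above, the following added example (not Hexiosec ASM code) flags certificates that exceed the limit for their issue date and reports the limit their replacement must meet at expiry. It assumes the limit is selected by the certificate's notBefore date and that validity is counted inclusively with partial days rounded up; the function names and the sample certificates are constructed for illustration.

```python
import math
import ssl
from datetime import datetime, timezone

# Schedule from the page: (first day the limit applies, maximum days).
SCHEDULE = [
    (datetime(2029, 3, 15, tzinfo=timezone.utc), 47),
    (datetime(2027, 3, 15, tzinfo=timezone.utc), 100),
    (datetime(2026, 3, 15, tzinfo=timezone.utc), 200),
]
LIMIT_BEFORE_SCHEDULE = 398  # maximum until 15 March 2026

def _utc(cert_time):
    """Parse a getpeercert()-style time string into an aware datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)

def max_validity_days(when):
    """Maximum validity in force on the given date."""
    for effective, days in SCHEDULE:
        if when >= effective:
            return days
    return LIMIT_BEFORE_SCHEDULE

def audit(certs):
    """Check each certificate against the limit for its issue date."""
    findings = {}
    for name, cert in certs.items():
        issued, expires = _utc(cert["notBefore"]), _utc(cert["notAfter"])
        # Assumption: both endpoints count and a partial day rounds up.
        seconds = (expires - issued).total_seconds() + 1
        days = math.ceil(seconds / 86400)
        findings[name] = {
            "days": days,
            # Assumption: the limit is selected by the notBefore date.
            "over_limit": days > max_validity_days(issued),
            # Limit the replacement must meet if renewed at expiry.
            "renewal_limit": max_validity_days(expires),
        }
    return findings

# Constructed sample data in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERTS = {
    "legacy.example": {"notBefore": "Jan  1 00:00:00 2025 GMT", "notAfter": "Dec 31 23:59:59 2026 GMT"},
    "shop.example": {"notBefore": "Mar  1 00:00:00 2026 GMT", "notAfter": "Apr  2 23:59:59 2027 GMT"},
    "api.example": {"notBefore": "Apr  1 00:00:00 2026 GMT", "notAfter": "Mar 31 23:59:59 2027 GMT"},
}

if __name__ == "__main__":
    for name, result in audit(SAMPLE_CERTS).items():
        print(name, result)
```

A certificate such as the constructed `shop.example` passes today's 398-day check but expires after 15 March 2027, so its replacement must be issued for 100 days or fewer.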