GlobalSign Warns That Manual SSL/TLS Certificate Management Is No Longer Viable as Validity Periods Shrink
What Happened — GlobalSign’s senior VP of sales announced that industry‑mandated reductions in SSL/TLS certificate lifetimes will force organizations to rotate certificates far more frequently. The vendor highlighted the operational risk of relying on manual processes for this accelerated cadence.
Why It Matters for TPRM —
- Inadequate certificate rotation can lead to expired certificates, service outages, and loss of trust for downstream partners.
- Manual processes increase the likelihood of human error, exposing third‑party ecosystems to man‑in‑the‑middle (MITM) attacks.
- Automation gaps may hinder compliance with emerging regulations that reference cryptographic hygiene.
Who Is Affected — Small‑ and mid‑size enterprises (SMEs), SaaS providers, MSPs, and any organization that relies on TLS certificates for public‑facing services.
Recommended Actions —
- Conduct an inventory of all TLS/SSL certificates across the supply chain.
- Evaluate and deploy a certificate lifecycle management (CLM) solution that supports automated discovery, renewal, and revocation.
- Review vendor contracts for CLM capabilities and ensure service‑level expectations include timely rotation.
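The inventory and rotation steps above, and the shorter validity periods discussed in the Technical Notes, become manageable only when expiry data is collected and triaged by a script rather than a spreadsheet. The following example is added here and is not code from GlobalSign or Help Net Security: it uses only the Python standard library to capture a server's leaf certificate dates with `ssl`, builds an inventory record from the `getpeercert()` dictionary, and classifies each certificate as EXPIRED, RENEW_NOW or OK. The renewal trigger (one third of lifetime remaining) and the 365-day policy maximum are assumptions chosen for illustration; the sample hosts and certificate dates are constructed so the triage runs offline.

```python
import socket
import ssl
from dataclasses import dataclass
from datetime import datetime, timezone

# Policy knob (an assumption for this example, not a figure from the briefing):
# queue a certificate for renewal once a third of its lifetime remains, which
# leaves room for a failed renewal to be retried before expiry.
RENEW_AT_REMAINING_FRACTION = 1 / 3


@dataclass(frozen=True)
class CertRecord:
    host: str
    common_name: str
    dns_sans: tuple
    not_before: datetime
    not_after: datetime

    @property
    def lifetime_days(self) -> int:
        return (self.not_after - self.not_before).days

    def days_remaining(self, now: datetime) -> int:
        return (self.not_after - now).days


def _cert_time(value: str) -> datetime:
    # getpeercert() reports times as e.g. "Jan 10 00:00:00 2026 GMT"
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), timezone.utc)


def record_from_peercert(host: str, cert: dict) -> CertRecord:
    """Build an inventory record from a dict shaped like ssl.SSLSocket.getpeercert()."""
    cn = next((v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"), "")
    sans = tuple(v for k, v in cert.get("subjectAltName", ()) if k == "DNS")
    return CertRecord(host, cn, sans, _cert_time(cert["notBefore"]), _cert_time(cert["notAfter"]))


def fetch_record(host: str, port: int = 443, timeout: float = 5.0) -> CertRecord:
    """Live inventory step: complete a TLS handshake and capture the leaf certificate dates."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return record_from_peercert(host, tls.getpeercert())


def triage(records, now: datetime, max_lifetime_days: int) -> dict:
    """Classify each certificate so the rotation queue is driven by data, not memory."""
    result = {}
    for r in records:
        left = r.days_remaining(now)
        if left < 0:
            status = "EXPIRED"
        elif left <= r.lifetime_days * RENEW_AT_REMAINING_FRACTION:
            status = "RENEW_NOW"
        else:
            status = "OK"
        result[r.host] = {
            "status": status,
            "days_remaining": left,
            "lifetime_days": r.lifetime_days,
            # flags certificates issued with a longer validity than policy allows
            "over_policy": r.lifetime_days > max_lifetime_days,
        }
    return result


# Constructed sample inventory (hypothetical hosts, no real certificates) so the
# triage can be exercised offline; fetch_record() would yield the same records live.
SAMPLE_PEERCERTS = {
    "example-a.test": {
        "subject": ((("commonName", "example-a.test"),),),
        "subjectAltName": (("DNS", "example-a.test"), ("DNS", "www.example-a.test")),
        "notBefore": "Jan 10 00:00:00 2025 GMT",
        "notAfter": "Jan 10 00:00:00 2026 GMT",
    },
    "example-b.test": {
        "subject": ((("commonName", "example-b.test"),),),
        "subjectAltName": (("DNS", "example-b.test"),),
        "notBefore": "Nov 01 00:00:00 2025 GMT",
        "notAfter": "Feb 09 00:00:00 2026 GMT",
    },
    "example-c.test": {
        "subject": ((("commonName", "example-c.test"),),),
        "subjectAltName": (("DNS", "example-c.test"),),
        "notBefore": "Jan 01 00:00:00 2024 GMT",
        "notAfter": "Dec 01 00:00:00 2025 GMT",
    },
}
SAMPLE_NOW = datetime(2025, 12, 20, tzinfo=timezone.utc)


def run_sample(max_lifetime_days: int = 365) -> dict:
    """Triage the constructed inventory against a 1-year policy maximum (assumption)."""
    records = [record_from_peercert(h, c) for h, c in SAMPLE_PEERCERTS.items()]
    return triage(records, SAMPLE_NOW, max_lifetime_days)


if __name__ == "__main__":
    for host, info in run_sample().items():
        print(f"{host:18} {info['status']:10} {info['days_remaining']:5}d left  "
              f"lifetime={info['lifetime_days']}d over_policy={info['over_policy']}")
```

Run against a real estate by replacing `SAMPLE_PEERCERTS` with `fetch_record()` calls over the hosts in scope; the `over_policy` flag is what catches a vendor that is still issuing 2-year certificates after the policy has moved to 1 year or shorter, and the RENEW_NOW window shrinks automatically as lifetimes do, because it is a fraction of each certificate's own validity rather than a fixed number of days.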
Technical Notes — The shift from 2‑year to 1‑year (or shorter) validity periods is driven by industry bodies (e.g., CA/Browser Forum) to reduce the attack window for compromised keys. GlobalSign promotes a SAN‑based licensing model that simplifies cost management for frequent rotations. The briefing also touched on post‑quantum cryptography (PQC) readiness, noting that a robust CLM foundation eases future migration to PQC‑compatible certificates.
Source: Help Net Security