CyberArk has released two new free tools to help organisations prepare for a major shift in Transport Layer Security certificate rules that will dramatically increase renewal frequency and operational workloads over the next four years. The company’s TLS Certificate Renewal Impact Calculator and TLS Certificate Discovery Scan are designed to help businesses quantify their exposure and understand the labour, cost and outage risks associated with shortening certificate lifespans.
From March 2026, the maximum validity of public TLS certificates will drop from 398 days to 200 days, with a further reduction to 47 days by 2029 under CA/Browser Forum requirements. CyberArk warns that this shift is more than a compliance adjustment, with shorter validity windows set to increase manual workload and significantly raise the likelihood of service outages caused by expired certificates.
According to CyberArk, an organisation managing 500 certificates currently spends around 2,000 labour hours per year on renewals. By 2029, that workload could exceed 24,000 hours, equivalent to expanding a two-person team to around 24 staff solely to manage certificate renewals. The company’s research also shows that 72 percent of security leaders experienced at least one certificate-related outage in the past year, with many reporting monthly or weekly disruptions.
CyberArk’s new tools are intended to give IT and security teams clear visibility into their certificate portfolios and renewal timelines. The calculator allows organisations to model how accelerating renewal cycles will affect operational capacity and costs, supporting the development of business cases for automated certificate lifecycle management. The discovery scan identifies expired or soon-to-expire public-facing certificates, along with misconfigurations and compliance issues.
CyberArk said the tools are part of its broader initiative to raise awareness of certificate lifecycle risks and support adoption of automated management practices through the CyberArk Identity Security Platform. The company argues that automation is essential for preventing outages, reducing labour requirements and improving resilience as certificate validity windows continue to shrink.
Both the TLS Certificate Renewal Impact Calculator and the TLS Certificate Discovery Scan are available now for organisations preparing for the transition to 47-day certificate lifespans.
