AI may be dominating boardroom conversations, but quantum computing is quietly preparing to upend the foundations of digital trust. For CIOs, the real strategic imperative isn’t just keeping pace with AI; it’s doing so while also preparing for the quantum disruption already underway. Quantum computing threatens to be cryptography’s Y2K moment. But unlike the millennium bug, which had a fixed deadline and a clear remediation path, quantum risk is more insidious.
The National Institute of Standards and Technology (NIST) has formalized its guidance on quantum-resistant cryptography, setting a firm transition timeline: By 2030, widely used algorithms like RSA and ECC must be phased out. Quantum preparedness has remained a consistent priority across U.S. administrations, underscoring that the shift to post-quantum cryptography (PQC) is both urgent and inevitable.
One of the earliest signals of this shift is the emergence of 47-day certificates. This deliberate reduction of SSL/TLS certificate maximum term improves security hygiene, reduces risk, and aligns with evolving browser requirements. But it also accelerates crypto agility, helping organizations build the operational muscles needed for a future where static cryptography is no longer viable.
Certificate lifespans are shrinking fast
SSL/TLS certificates authenticate digital identities and secure communications across APIs, applications, and partner ecosystems. Every expired or mismanaged certificate risks outages, broken integrations, failed transactions, and regulatory violations – all of which directly impact business continuity and customer trust.
The CA/Browser Forum formally passed Ballot SC-081v3 on April 11th, 2025, putting certificate lifespan reductions into motion:
- By March 15, 2026, certificates must be renewed every six months
- By March 15, 2027, certificates must be renewed every three months
- By March 15, 2029, certificates must be renewed every month
This shift signals that the rules of digital trust are changing, and yet, most organizations aren’t ready.
According to Sectigo’s 2025 State of Crypto Agility Report:
- 96% of organizations are concerned about the impact of 47-day certificates on their business
- Fewer than 1 in 5 organizations are prepared for monthly renewals
- Only 5% have fully automated certificate management
Combined, that’s a massive exposure for CIOs tasked with ensuring business continuity and trust.

Crypto agility is the CIO’s new mandate
Crypto agility, the ability to rapidly identify, manage, and replace cryptographic assets, is now a core CIO responsibility. SSL/TLS certificate management is the proving ground. As lifespans shrink, organizations must renew, replace, and monitor certificates at a much faster cadence. This operational shift lays the foundation for broader cryptographic agility, especially as organizations prepare for PQC.
Our report finds that 90% of organizations recognize the overlap between certificate agility and PQC preparedness. By investing in automation and certificate lifecycle management now, CIOs reduce operational risk today while laying the groundwork for quantum-safe infrastructure tomorrow.
Quantum risk is already operational
Threat actors are engaging in “Harvest Now, Decrypt Later” (HNDL) attacks, intercepting encrypted data today with the intent to decrypt it once quantum capabilities mature. Findings from our report show:
- 60% of organizations are very or extremely concerned about HNDL attacks
- 59% are similarly concerned about “Trust Now, Forge Later” threats, where digitally signed documents are stolen and forged in the future
Despite the awareness, only 14% of organizations have conducted a full assessment of systems vulnerable to quantum attacks. Nearly half (43%) are still in a “wait and see” mode.
For CIOs, this is a leadership gap and an opportunity to act decisively.
The quantum migration is a full transformation
Migrating to quantum-safe algorithms won’t be a plug-and-play upgrade. 98% of organizations expect challenges, with top barriers to migration including system complexity, lack of expertise, and cross-team coordination. Legacy systems with hardcoded cryptographic functions make this even harder.
Establishing a Center of Cryptographic Excellence (CryptoCOE) is a strategic move, and according to Gartner, organizations with a CryptoCOE will save 50% of costs in their PQC transition compared to those without.
For CIOs, this is a natural extension of your role, ensuring that cryptographic decisions are made with full visibility into system dependencies, risk profiles, and regulatory obligations.
From compliance to resilience
The shift to 47-day SSL/TLS certificates is an early signal that static cryptography is over. The future is dynamic, agile, and automated. CIOs who embrace this shift now will not only avoid outages and compliance failures but also future-proof their infrastructure against both operational and cryptographic disruption.
Curious how organizations are preparing for 47-day certificates and PQC? Read our 2025 State of Crypto Agility Report, which offers a landscape view of industry thinking, readiness, and priorities.

