Google’s 90-day “requirement” – a push towards automated certificate management

In March 2023, Google made a significant announcement regarding a shift in the validity period of publicly trusted TLS/SSL certificates. The internet giant declared its intention to reduce the maximum validity of these certificates from 398 days to just 90 days. While the specific timeline for this change remains uncertain, its potential impacts echoed throughout the IT world. In this blog post, we will explore Google’s motivation behind this suggested change, the drawbacks of manual certificate management, the benefits of automation, and how you can seamlessly transition to automated certificate management. Furthermore, we are pleased to introduce Dotkeeper’s solution, which provides automated certificate management through our partner Sectigo, a leading Certificate Authority (CA) provider with over 20 years of establishing digital trust.

Google’s Push for 90-Day Certificates

Google’s announcement of transitioning to 90-day certificates is a pivotal moment in the world of digital security. The intention behind this shift, as outlined in their “Moving Forward, Together” roadmap, is to streamline and enhance the security of the internet. Google aims to move away from the complex and error-prone issuance processes. By requiring certificates to be renewed every 90 days, Google seeks to ensure that websites are equipped with the latest security features and less vulnerable to threats.

The Pitfalls of Manual Certificate Management

Managing digital certificates manually has long been the norm for many organizations. However, with the imminent switch to 90-day certificates, manual management is no longer a viable option. Here are some of the key drawbacks associated with manual certificate management:

  1. Prone to Errors: Renewing certificates manually every 90 days increases the likelihood of human errors, as the frequency of carrying out this task must occur at least 5 to 6 times a year, due to overlaps and rotation of certificates.
  2. Resource-Intensive: The manual renewal of 90-day certificates demands not only more human effort but also consumes substantial resources.
  3. Lack of Scalability: As organizations grow and accumulate more digital certificates, manual management becomes less sustainable and scalable.
  4. Potential Outages and Data Breaches: Incorrect certificate renewals can lead to SSL/TLS outages and data breaches, putting sensitive information at risk.
  5. Overall Cybersecurity Risks: Malicious actors are constantly developing new methods to exploit cybersecurity weaknesses. One major vulnerability is the lack of encryption that an SSL certificate provides.

Given these risks, manual certificate management is no longer a viable approach for organizations.

The Power of Automated Certificate Lifecycle Management

Automation emerges as the clear solution to address the challenges posed by shorter certificate lifespans. By automating certificate management, organizations can enhance security, increase operational efficiency, reduce risks, scale seamlessly, and adapt to changing validity periods effectively.

Automated Certificate Management Environment (ACME) protocol is a highly efficient way to automate TLS and SSL certificates. Developed by the non-profit Internet Security Research Group (ISRG), ACME clients enable organizations to request, install, and renew certificates without human intervention. These clients also monitor certificate validity and renew them proactively, preventing any outages due to expiration.

Automation offers various benefits:

  • Enhanced Security: Automation minimizes human error, ensuring that your servers and websites always have valid certificates, thus preventing disruptions.
  • Operational Efficiency: By automating certificate issuance and renewal, your IT staff can focus on other mission-critical tasks, reducing manual workload.
  • Risk Reduction: Automated renewal and replacement of certificates eliminate the risks associated with manual management.
  • Scalability: Automation is infinitely scalable, enabling organizations to expand without adding additional staff.
  • Adaptation to Changing Validity Periods: Automated management makes it easy to navigate changes in certificate validity periods.

Getting Started with Automated Management

Transitioning to automated certificate management is a smart move for any organization. To begin, you’ll need the right tools and a Certificate Authority (CA) that supports automation. Dotkeeper, in partnership with Sectigo, offers a credible solution for automated certificate management. Sectigo’s Certificate Manager (SCM) is designed to simplify and automate the lifecycle of digital certificates through one single pane of glass.

SCM supports automated installation, revocation, and renewal of digital certificates using industry-leading protocols and APIs. It offers in-depth certificate discovery, enabling you to identify and monitor all digital certificates across your environment, regardless of the issuing CA. With SCM’s ACME support, certificates are automatically configured and implemented, eliminating the need for human intervention.

In summary, Google’s announcement to shift to 90-day certificates is a significant development in the realm of digital security. Manual certificate management is no longer a practical option due to the increased frequency of renewals and the associated risks. Automated certificate lifecycle management is the way forward, offering enhanced security, efficiency, and scalability. Dotkeeper, in partnership with Sectigo, provides a robust solution for automated certificate management, ensuring that your organization is well-prepared to navigate the changing landscape of certificate validity periods and safeguard your digital assets effectively.

Read more about Digital Certificates and how we can help you secure your interests.