CSC Research Finds 40% of Enterprises Could Be at Risk of an Outage Due to SSL Expiration

WILMINGTON, Del.--(BUSINESS WIRE)--New research from CSC, an enterprise-class domain security provider and world leader in domain management, SSL management, brand protection, and anti-fraud solutions, indicates that as many as 40% of enterprises are at risk of unexpected service outages caused by out-of-date secure sockets layer (SSL) certificates. This threat stems from the reliance on WHOIS-based email addresses for domain control validation (DCV) that will be officially deprecated on July 15, 2025.

CSC analyzed over 100,000 global SSL certificate records and found that many organizations still use WHOIS email as their primary method for domain control validation, despite a 2024 vote by the CA/Browser Forum that mandates the deprecation of WHOIS-based validation due to its associated security vulnerabilities. After July 15, 2025, certificate authorities (CAs) will no longer accept WHOIS email for DCV, making alternative validation methods essential for uninterrupted operations.

Compounding the issue, 17% of companies surveyed by CSC are unaware of their current DCV method, suggesting a widespread lack of visibility and preparedness within IT and security teams. To mitigate the risk, companies should immediately audit their certificate management workflows and migrate to accepted DCV alternatives such as domain name system (DNS)-based validation or file-based web token methods.

“For years, WHOIS-based email was seen as the easiest, non-technical DCV method. Organizations that have not switched to alternative DCV methods risk serious consequences—from website outages to critical service failures. But the changes don’t stop there,” cautions CSC’s senior director of Technology, Security Products and Services, Mark Flegg. “Organizations also need to bear in mind further industry-wide shifts that will take place in the coming years. Any short-term fixes need to be aligned with this long-term trajectory where automation of certificates and DCV will become unavoidable. Organizations absolutely need to start their prep work now.”

From March 15, 2026, certificate life cycles will begin to shorten drastically—from 367 days to 200, then 100, and finally just 47 days by 2029. Correspondingly, DCV re-use periods will reduce from 367 to 200, 100, and then just 10 days by 2028. That means enterprises will be facing up to eight certificate renewals per year. With DCV at 10 days, it could mean revalidation every time a certificate needs to be re-issued.

To support enterprises through these transitions, CSC offers a comprehensive suite of digital certificate solutions that can tailor to any organization’s workflow. Its newly launched Domain Control Validation as a Service (DCVaaS)—available free of charge to its clients—streamlines the validation process, reducing certificate renewal times by up to 99% and alleviating the manual workload for IT teams.

To learn more about CSC’s DCVaaS and future-proof your digital certificate operations, request a consultation at cscdbs.com.

About CSC
CSC is the trusted security and threat intelligence provider of choice for the Forbes Global 2000 and the 100 Best Global Brands (Interbrand®) with focus areas in domain security and management, along with digital brand and fraud protection. As global companies make significant investments in their security posture, our DomainSec^SM platform can help them understand cybersecurity oversights that exist and help them secure their online digital assets and brands. By leveraging CSC’s proprietary technology, companies can solidify their security posture to protect against cyber threat vectors targeting their online assets and brand reputation, helping them avoid devastating revenue loss. CSC also provides online brand protection—the combination of online brand monitoring and enforcement activities—with a multidimensional view of various threats outside the firewall targeting specific domains. Fraud protection services that combat phishing in the early stages of attack round out our solutions. Headquartered in Wilmington, Delaware, USA, since 1899, CSC has offices throughout the United States, Canada, Europe, and the Asia-Pacific region. CSC is a global company capable of doing business wherever our clients are—and we accomplish that by employing experts in every business we serve. Visit cscdbs.com.