Following New CA/B Forum Vote, Businesses Must Prepare for Two Significant Certificate Lifecycle Reductions in March

BOSTON--(BUSINESS WIRE)--On October 14^th, 2025, the CA/B Forum, which establishes standards within the certificate industry, voted to reduce the lifetime of Code Signing Certificates from 39 months to 460 days. The changes are being implemented to enhance security and improve compliance. GMO GlobalSign, Inc., a global Certificate Authority (CA) and leading provider of identity security, is prepared to assist both new and existing customers during this transition. Businesses should be aware that this latest certificate lifecycle reduction will occur just two weeks before the massive industry shift towards 200-day SSL/TLS certificates.

On March 1, the lifetime of Code Signing Certificates will be reduced from 39 months to 460 days. Today, GMO GlobalSign is offering guidance to help companies prepare for this important shift.

Share

Critical Code Signing Dates and Changes

Beginning March 1, 2026, the maximum validity period for Code Signing Certificates will be reduced from 39 Months to 460 days. To meet this new industry requirement, GMO GlobalSign stopped issuing 2-Year and 3-Year Code Signing Certificates on December 26th, 2025. From this point forward, GMO GlobalSign will only be issuing 1-year (366 days) Code Signing Certificates. Existing Code Signing Certificates that have a validity of up to 39 months will remain valid until their expiration date. Upon renewal, after February 24th, 2026, these certificates will need to comply with the new CA/B Forum guidelines.

In line with the CA/B Forum, GMO GlobalSign is implementing this change to enhance security by shortening the lifespan of certificates. This reduction minimizes the window of exposure to potential vulnerabilities that may arise from outdated or compromised certificates. This change will result in both security improvements, as well as streamlined compliance.

What is a Code Signing Certificate, and how they help prevent Supply Chain Attacks

A Code Signing Certificate is a digital certificate containing information that fully identifies an entity and is issued by a CA like GMO GlobalSign. It proves the authenticity of the signed software, that it comes from a legitimate vendor, and that the code has not been tampered with since being published.

Software developers for a broad range of platforms -- including Microsoft Windows, Apple macOS, Java -- rely on code signing certificates to digitally sign their applications, drivers, and other executables, thus assuring the integrity of the software they distribute. This is particularly important for downloaded applications from the internet. With the increasing volume and complexity of cyberattacks targeting the software supply chain, it is expected that organizations worldwide will expand their utilization of Code Signing certificates. According to a Mordor Intelligence report, the global Code Signing market is growing and could reach $50.3M by 2029.

“The certificate industry is experiencing a great deal of change to allow for quicker updates and revocations of certificates that help minimize the risks to software and users,” said Yateesh Bhardwaj, Senior Product Manager, GMO GlobalSign. “The industry has also been working to prepare for the March 15^th drop down to 200-day SSL/TLS certificates but now we must prepare for shorter code signing certificates two weeks prior to that. While all these certificate reductions will benefit security, with them happening almost in unison, preparing for them will be crucial to ensure compliance with critical industry best practices.”

For queries regarding GMO GlobalSign Code Signing Certificates please visit https://support.globalsign.com/code-signing

About GMO GlobalSign

As one of the world’s most deeply-rooted certificate authorities, GMO GlobalSign is the leading provider of trusted identity and security solutions enabling businesses, large enterprises, cloud-based service providers, and IoT innovators worldwide to conduct secure online communications, manage millions of verified digital identities and automate authentication and encryption. Its high-scale Public Key Infrastructure (PKI) and identity solutions support billions of services, devices, people, and things comprising the IoT. GMO GlobalSign is a subsidiary of GMO GlobalSign Holdings, K.K., a member of the Japan-based GMO Internet Group, has offices in the Americas, Europe and Asia. For more information, visit https://www.globalsign.com.