The Road to 47 Days: Automating the PSU Certificate Lifecycle

The era of the "annual certificate" is over. Following the adoption of Ballot SC-081v3, we have entered a phased reduction of SSL/TLS validity periods: dropping to 200 days in March 2026, 100 days in 2027, and finally 47 days by 2029. Crucially, the Domain Control Validation (DCV) reuse period is shrinking even further—slashing down to just 10 days by the end of this transition. For Penn State's distributed IT environment, this means proving domain ownership is no longer a "once a year" task, but a continuous requirement. This session provides a practical roadmap for moving from manual "firefighting" to automated Certificate Lifecycle Management (CLM) using tools like the Sectigo Agent and the ACME protocol.

Learning Outcomes:

The 200/100/47 Timeline: Understand the official CA/B Forum milestones for certificate validity and why the 2026 shift is the critical "point of no return."

Mastering the DCV Crunch: Learn why the reduction of the DCV reuse period to 10 days makes automated DNS-01 or HTTP-01 challenges mandatory for success.

Discovery & Inventory: Use network scanning and other agents to find "shadow IT" certificates before they expire and cause outages.

Scalable Automation: Cover tools like Certbot, acme.sh, and Simple-ACME to achieve a "set it and forget it" security posture.

Operational Resilience: Strategies for managing certificates on legacy systems and hardware appliances that don't natively support modern automation.