Find risky public TLS certificates before the 47-day certificate renewal cycle catches up to you
The CA/B Forum has approved a phased policy to shorten public TLS certificate lifespans—from 398 days today to just 47 days by March 2029. The first enforcement hits in March 2026, dropping the maximum validity to 200 days, and again in 2027 to 100 days. These changes compress renewal windows and raise the stakes for teams managing public certificates. This TLS certificate scan helps you get ahead—by identifying gaps in visibility and laying the groundwork for 47-day certificate lifecycles.
CyberArk's TLS Certificate Discovery Scan quickly reveals which public-facing certificates are expired, expiring soon, misconfigured, or non-compliant—so you can take action before it disrupts your business. You’ll be able to:
No deployment required. Just sign up with your business email (we scan the domain tied to that email) and get a detailed report powered by CyberArk Certificate Manager.
It only takes minutes to start. Results can help guide your automation and compliance strategy.