20251215 – Change in Code Signing Certificate Validity Period
The CA/B Forum has recently approved a reduction in the lifespan of Code Signing Certificates.
In accordance with these new guidelines, the maximum validity period of Code Signing Certificates will be reduced in the coming months.
Timeline
- From 1 March 2026, the maximum validity period will be reduced from 39 months to 460 days, i.e. 1 year and 3 months.
Special Case: GlobalSign
From 26 December 2025, GlobalSign will stop offering 2-year and 3-year Code Signing Certificates.
GlobalSign will permanently stop issuing 2-year and 3-year Code Signing Certificates from 25 February 2026.
In plain terms: It will be possible to place orders for 2-year or 3-year Code Signing Certificates until 25 December 2025 (inclusive). These orders must be issued no later than 24 February 2026. Otherwise, they will be cancelled.
Any order (new request, renewal, or reissuance) issued after 24 February 2026 will comply with the new standards.
Sectigo certificates
TBS will remove the 2- and 3-year valid Sectigo code signing certificates from its catalog on February 13, 2026.
Any order placed before this date and not delivered by February 23 will be canceled.
Why this change?
This change aims to strengthen the overall security of signed software. By reducing the lifespan of certificates, the risk associated with the use of compromised or outdated certificates is significantly reduced.
Likewise, more frequent certificate renewals ensure alignment with security standards and industry best practices.
What are the consequences for certificates issued before the deadline?
None. 2-year and 3-year Code Signing Certificates already issued will remain valid until their original expiration date.
Reissuances after the deadline
Any reissuance performed from 1 March 2026 (or from 25 February 2026 for GlobalSign) must comply with the new validity period imposed by the CA/B Forum. As a result, 2-year and 3-year Code Signing Certificates reissued after the deadline will be shortened.