Main section
CA/Browser Forum Updates
The CA/B Forum continuously makes new decisions that adapt the Baseline Requirements for TLS/SSL certificates, S/MIME or Code Signing and more. These changes have a direct impact on Certificate Authorities and certificate users.
On this page you will find:
-
All relevant CA/B Forum decisions for the DACH region explained in an understandable way
-
Concrete recommendations for IT security managers
-
Timeline of the most important deadlines
-
Unique: Technical analysis in German, French and English
The most important deadlines at a glance
|
Deadline |
Title |
Affected are |
|---|---|---|
|
July 2026 |
Reusable DNS validation planned for SwissSign certificates |
TLS/SSL + S/MIME |
|
15 March 2027 SwissSign: to be announced |
Reduction of the maximum term to 100 days SwissSign: 98 days |
TLS/SSL Certificates |
|
15 March 2027 SwissSign: Q1 2027 |
Purpose of use ‘Client Authentication’ no longer used for public TLS/SSL certificates |
TLS/SSL Certificates |
|
15 March 2029 SwissSign: to be announced |
Reduction of the maximum running time to 47 days SwissSign: 45 days |
TLS/SSL Certificates |
High relevance for certificate users
Moderate relevance for certificate users
Good to know for certificate users
SwissSign Certificate Lifecycle Management
From shrinking validity periods to post-quantum migration, manual certificate management is reaching its limits. SwissSign's Certificate Lifecycle Management automates discovery, governance and renewal, with Swiss-European digital sovereignty built in.
-
Discovery, governance, automation across your entire certificate estate, any CA, any location
-
Swiss-hosted, sovereign PKI for regulated industries
-
Ready for shorter lifespans and crypto-agility without manual effort
Frequently Asked Questions (FAQ)
Certificate Authorities must meet the so-called Baseline Requirements to remain in browser root stores. Certificate users are indirectly affected when changes require new validation methods or certificate validity periods are reduced.
The CA/B Forum has passed 15-20 ballots per year over the past two years, most of which concern TLS/SSL certificates.
All official ballots are available on cabforum.org. SwissSign offers the most important ballots in German with practical recommendations for action.
The CA/B Forum documents are technically complex and only available in English. SwissSign not only translates the relevant changes, but also explains them in a practical way for IT security managers in the DACH region.
About this site
Objective: SwissSign documents all relevant CA/B Forum ballots that have an impact on certificate users in the DACH region. We focus on practical changes with concrete recommendations for action.
Selection criteria:
-
Ballots with direct action relevance for users
-
CA-internal changes with possible impact on users
-
Focus on TLS/SSL and S/MIME certificates
Sources:
-
CA/B Forum Official Website (cabforum.org) + Documentation on GitHub
-
SwissSign Team