By NHI Mgmt Group Editorial Team
Published 2025-12-04
Domain: Workload Identity
Source: Keyfactor

TL;DR: The CA/Browser Forum’s move from 398-day to 47-day TLS certificate lifespans will multiply renewal pressure and make manual certificate operations untenable for financial services, according to Keyfactor. The governance issue is bigger than renewal speed: certificate visibility, ownership, and rotation discipline become board-level identity controls when machine identities outnumber human ones.


At a glance

What this is: This is a financial-services analysis of how 47-day TLS certificate lifespans turn certificate management into a machine identity governance problem.

Why it matters: It matters because IAM, PAM, and security teams will need to treat certificate inventory, renewal, and revocation as operational controls, not back-office hygiene.

👉 Read Keyfactor's analysis of certificate automation in the 47-day era


Context

Certificate lifespans are becoming a governance problem, not just an operations problem. In financial services, TLS certificates underpin transactions, authentication flows, payment systems, API ecosystems, and customer onboarding, so the move to 47-day renewal cycles changes the risk profile of every machine identity that depends on cryptographic trust.

The core weakness is familiar: fragmented ownership, incomplete inventories, and manual renewal processes do not scale when renewal frequency increases tenfold. For IAM and security leaders, this is the same control failure seen in broader non-human identity programmes, only now the clock is running faster and the outage cost is higher.


Key questions

Q: How should security teams handle certificate renewals when lifespans shrink to 47 days?

A: They should automate discovery, ownership, issuance, renewal, and revocation as a single lifecycle workflow. Manual queues and spreadsheet tracking cannot absorb monthly renewal pressure in environments with cloud workloads, partner integrations, and customer-facing APIs. The control objective is not speed alone, but reliable execution with audit evidence and fallback paths for critical services.

Q: Why do short-lived TLS certificates create more operational risk for financial services?

A: Because certificates support authentication, transactions, and API trust, so every missed renewal can interrupt revenue-generating services. Shorter lifespans increase the chance of human error, fragmented ownership, and delayed remediation. In financial services, that turns certificate management into a resilience and compliance issue, not just a technical maintenance task.

Q: What breaks when certificate inventories are incomplete?

A: Automation becomes blind, because the system cannot renew or revoke what it cannot see. Incomplete inventories leave unknown owners, unknown expiries, and hidden dependencies across SaaS, cloud, and third-party integrations. The practical result is predictable: missed renewals, broken trust paths, and weak evidence for audit and governance reviews.

Q: Who is accountable when certificate-related outages occur?

A: Accountability should sit with the identity, infrastructure, and application owners who depend on the trust chain, not only with operations teams. Governance frameworks expect organisations to demonstrate control over inventories, expiry management, and third-party dependencies. If no owner can prove that control, the certificate estate is already outside effective governance.


Technical breakdown

Why 47-day certificates break manual renewal models

A 47-day certificate model compresses the operational window between issuance, validation, renewal, and revocation. That pressure exposes any workflow that depends on spreadsheets, ticket queues, or individual vigilance. The problem is not only volume. Shorter lifespans also increase failure coupling, because one missed renewal can break mTLS, customer-facing applications, and backend service calls at the same time. In practice, manual controls create a single point of failure in the trust chain.

Practical implication: teams need to map every renewal path to an owner, trigger, and fallback before certificate lifespans shorten again.

Certificate inventory is the control that determines blast radius

Certificate automation only works when the underlying inventory is complete and current. In machine identity terms, the inventory is the authoritative record of what exists, where it is used, who owns it, and when it expires. Without that baseline, automation simply accelerates blind spots. Financial institutions with cloud workloads, SaaS integrations, and fintech partners face especially high drift because certificates proliferate across environments faster than governance teams can reconcile them.

Practical implication: inventory completeness has to be treated as a precondition for automation, not a by-product of it.

Why cryptographic agility is now an identity governance issue

Cryptographic agility means the organisation can change algorithms, reissue certificates, and adapt trust chains without manual firefighting. That matters because post-quantum migration will force broad reissuance across large machine identity estates. In governance terms, certificate management is no longer just about expiration dates. It is about whether the organisation can continuously prove control over key management, renewal workflows, and third-party dependencies across the full identity lifecycle.

Practical implication: certificate policy must be tied to lifecycle governance and audit evidence, not isolated infrastructure tickets.


Threat narrative

Attacker objective: The objective is not credential theft but operational disruption through trust failure in certificate-dependent systems.

  1. Entry occurs through a missed certificate renewal or an expired certificate in a critical trust path, which can interrupt authentication or service connectivity.
  2. Escalation follows when automated dependencies, partner integrations, or customer-facing systems fail closed or require emergency manual overrides.
  3. Impact is business disruption, with outage-related revenue loss, compliance exposure, and a widened window for trust-chain failure across machine identities.
  • Sisense breach — unauthorized GitLab access led to exfiltration of access tokens, API keys and certificates.
  • Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

47-day certificates turn renewal latency into identity risk: The industry is moving from annual certificate administration to monthly operational discipline, and that changes the failure model. Manual processes do not just become inefficient, they become structurally misaligned with the trust cadence that machine identities now require. The practitioner conclusion is simple: renewal delay is no longer a maintenance issue, it is a control failure.

Certificate inventory is the hidden governance boundary: Automation cannot compensate for unknown certificates, unknown owners, or unknown dependencies. That is the same governance pattern seen across broader NHI programmes, where incomplete discovery turns every policy into partial coverage. The practitioner conclusion is that inventory completeness determines whether certificate automation is real or cosmetic.

Cryptographic agility has become a machine identity lifecycle requirement: The upcoming reissuance burden from shorter lifespans and PQC migration will expose organisations that still treat certificates as isolated infrastructure artefacts. The relevant framework lens is lifecycle governance, because the issue is continuity of identity, not merely renewal tooling. The practitioner conclusion is that certificate governance now sits inside the wider NHI lifecycle model.

Digital trust failure is now board-level identity risk: Financial services depend on certificates for transactions, onboarding, and API trust, so outages triggered by certificate drift affect revenue, compliance, and customer confidence at the same time. That makes certificate management a governance signal, not a back-end task. The practitioner conclusion is that CISOs need to report certificate resilience in the same language as identity control assurance.

Standing trust assumptions are still too human-paced for machine identity reality: Processes designed for slower administrative cycles assume there is enough time to notice, review, and intervene before trust expires. That assumption fails when certificate lifetimes compress and machine identity sprawl continues to grow. The practitioner conclusion is that certificate governance has to be redesigned around machine-speed lifecycle execution, not human-paced review cycles.

From our research:

  • 69% of organisations now have more machine identities than human ones, according to the Ultimate Guide to NHIs.
  • 57% of organisations lack a complete inventory of their machine identities, which means discovery gaps still outpace governance in many environments.
  • That is why certificate automation must be paired with the NHI Lifecycle Management Guide, because renewal control without lifecycle ownership does not close the trust gap.

What this signals

Certificate automation is now part of NHI governance, not a separate infrastructure project: As certificate lifespans shrink, the control surface shifts from periodic renewal to continuous lifecycle execution. Teams that still manage certificates as isolated tickets will miss expiry windows, while teams that connect ownership, inventory, and renewal can turn this into a measurable governance program.

A useful benchmark is that 71% of NHIs are not rotated within recommended time frames, according to our Ultimate Guide to NHIs. That is a warning for certificate programmes too, because lifecycle slippage tends to appear first where ownership is fragmented and visibility is incomplete.

Identity blast radius: When certificates authenticate customer sessions, APIs, and partner integrations, one missed renewal can cascade across business functions. Security leaders should prepare reporting that treats expiry exposure, inventory completeness, and exception volume as board-visible resilience indicators rather than operational noise.


For practitioners

  • Automate certificate discovery and ownership mapping: Build a complete inventory of certificates across cloud, SaaS, DevOps, and partner integrations, and attach a named business owner to each trust path before renewal automation is expanded.
  • Replace spreadsheet renewals with event-driven workflows: Move renewal, rotation, and revocation into event-driven workflows that trigger before expiry, and add fallback paths for critical customer-facing systems where downtime is unacceptable.
  • Tie certificate governance to audit evidence: Record renewal timestamps, key management actions, third-party dependencies, and exception handling so compliance teams can prove control over the full lifecycle, not just the certificate count.
  • Prepare a reissuance plan for post-quantum migration: Identify high-impact systems that will need broad certificate reissue and test whether your current tooling can handle mass replacement without manual coordination across business units.
  • Report certificate resilience as an identity metric: Track expiry exposure, inventory completeness, and renewal success rates as identity governance metrics so leadership can see where digital trust is weakening before outages occur.
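As an added example (not code from the page, Keyfactor or NHI Mgmt Group), the logic behind the renewal-path mapping described under "Why 47-day certificates break manual renewal models" and the first three practitioner items above: an inventory row with owner, expiry and fallback, a renewal trigger sized to a 47-day lifetime, a coverage check for records automation cannot safely act on, and a JSON-serialisable decision record per certificate as audit evidence. The thresholds (renew at a third of lifetime left, escalate at a tenth), the field names and the sample hosts are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Hypothetical policy for a 47-day estate (an assumption, not a figure from the
# page): renew with a third of the lifetime left, escalate with a tenth left.
LIFETIME_DAYS = 47
RENEW_AT_DAYS = LIFETIME_DAYS // 3      # 15 days
ESCALATE_AT_DAYS = LIFETIME_DAYS // 10  # 4 days

@dataclass
class CertRecord:  # one inventory row: what, where, who owns it, when it expires
    subject: str
    endpoint: str
    owner: Optional[str]            # None: nobody is accountable for this trust path
    not_after: datetime
    critical: bool = False          # customer-facing or revenue path
    fallback: Optional[str] = None  # standby listener with its own certificate

def classify(rec: CertRecord, now: datetime) -> str:
    """Decide what the event-driven workflow should do with one certificate now."""
    days_left = (rec.not_after - now).total_seconds() / 86400
    if days_left <= 0:
        return "expired"
    if days_left <= ESCALATE_AT_DAYS:
        return "escalate"  # renewal window missed: page the owner, arm the fallback
    if days_left <= RENEW_AT_DAYS:
        return "renew"     # trigger issuance now, with lifetime left to retry
    return "ok"

def coverage_gaps(inventory: List[CertRecord]) -> List[str]:
    """Subjects automation cannot safely act on: no owner, or critical with no fallback."""
    return [r.subject for r in inventory
            if r.owner is None or (r.critical and r.fallback is None)]

def plan_renewals(inventory: List[CertRecord], now: datetime) -> List[dict]:
    """Audit evidence: one JSON-serialisable decision record per certificate."""
    return [{"subject": r.subject, "endpoint": r.endpoint, "owner": r.owner,
             "not_after": r.not_after.isoformat(), "action": classify(r, now),
             "checked_at": now.isoformat()} for r in inventory]

# Constructed sample inventory for a point-in-time check (not real hosts).
NOW = datetime(2025, 12, 4, tzinfo=timezone.utc)
INVENTORY = [
    CertRecord("api.bank.example", "lb-1:443", "payments", NOW + timedelta(days=40), True, "lb-2"),
    CertRecord("onboard.bank.example", "web-3:443", "channels", NOW + timedelta(days=12), True),
    CertRecord("partner.bank.example", "gw-7:8443", "treasury", NOW + timedelta(days=3), True, "gw-8"),
    CertRecord("batch.bank.example", "job-2:443", None, NOW + timedelta(days=30)),
]
```

Running `plan_renewals(INVENTORY, NOW)` marks the 12-day record for renewal and the 3-day record for escalation, while `coverage_gaps` flags the unowned batch host and the critical host with no fallback, which is the check L129 asks for before lifespan targets are reduced.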

Key takeaways

  • 47-day TLS lifespans expose the limits of manual certificate operations and make renewal discipline a resilience control.
  • Incomplete inventories and fragmented ownership are the real failure points, because automation cannot govern what it cannot see.
  • Financial institutions should treat certificate governance as part of the wider identity lifecycle, especially ahead of post-quantum reissuance pressure.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Non-Human Identity Top 10 | NHI-03 | Short-lived certificates need disciplined rotation and renewal control.
NIST CSF 2.0 | PR.AC-1 | Certificate-driven access depends on controlled identity and authentication paths.
NIST Zero Trust (SP 800-207) | | Certificate trust is foundational to zero-trust service authentication.

Automate certificate lifecycle events and verify renewal coverage before reducing lifespan targets.


Key terms

  • Certificate lifecycle management: Certificate lifecycle management is the process of discovering, issuing, renewing, rotating, and revoking digital certificates across their full life span. In practice, it is an identity governance discipline for machine trust, because missed renewal or unclear ownership can break authentication, availability, and auditability at the same time.
  • Machine identity: A machine identity is a non-human identity used by software, services, devices, or workloads to prove trust and exchange access. It commonly includes certificates, tokens, keys, or service accounts, and it must be governed with the same seriousness as human access because it can authenticate at scale and with high privilege.
  • Cryptographic agility: Cryptographic agility is the ability to change algorithms, reissue trust artifacts, and update dependencies without a manual reset of the environment. It matters because certificate lifecycles, compliance demands, and post-quantum migration can force broad reissuance, so the organisation needs process and tooling that can adapt quickly and safely.
  • Digital trust: Digital trust is the confidence that systems, identities, and transactions are authenticated correctly and can be relied on in production. For security and IAM teams, it depends on the integrity of certificate chains, key management, and renewal processes, all of which can fail if ownership and visibility are weak.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.

This post draws on content published by Keyfactor: The Case for Certificate Automation in the 47-Day Era. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-12-04.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org