TL;DR: Shorter TLS certificate lifecycles are forcing teams to compress renewal, validation, and deployment work into a much tighter operating window, according to Akeyless. Manual tracking and renewal will not scale as certificate rotation frequency rises, and outage risk now sits directly inside identity operations.
NHIMG editorial — here’s why we think this discussion matters
By the numbers:
- The live demo webinar is scheduled for June 18th at 12pm ET and 4pm GMT.
- The industry is moving toward 47-day certificate validity requirements.
Questions worth separating out
Q: How should security teams handle certificate renewals when validity periods shrink to 47 days?
A: Security teams should move certificate renewals into automated, policy-driven workflows that cover issuance, deployment, and validation together.
Q: Why do short certificate lifecycles create more outage risk for identity programmes?
A: Shorter lifecycles compress the time available to notice expiry, coordinate change, and confirm deployment across every dependent system.
Practitioner guidance
- Inventory every certificate as a governed identity object. Map certificates to workload owners, trust boundaries, and deployment targets so no renewal depends on tribal knowledge or a hidden spreadsheet.
- Automate issuance and renewal workflows end to end. Tie issuance, renewal, deployment, and rotation together so the new certificate is validated and installed before the old one can fail.
- Set policy thresholds for expiry readiness. Create alerting and approval logic that triggers well before expiry, with distinct handling for production services, shared platforms, and regulated workloads.
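A sketch of the expiry-readiness check the guidance above describes, written as an added example and not taken from Akeyless or the original post. The tier names follow the guidance; the threshold fractions, the `Cert` fields, the host names and the reference date are assumptions constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed policy: fraction of the validity period at which each action fires.
# Tiers follow the guidance above; the numbers are illustrative, not from the page.
POLICY = {
    "production": {"renew_at": 0.50, "escalate_at": 0.75},
    "shared-platform": {"renew_at": 0.55, "escalate_at": 0.80},
    "regulated": {"renew_at": 0.40, "escalate_at": 0.65},
}

@dataclass
class Cert:
    name: str
    owner: str | None  # workload owner; None means nobody is accountable
    tier: str
    not_before: datetime
    not_after: datetime

def readiness(cert: Cert, now: datetime) -> str:
    if cert.tier not in POLICY:
        return "no-policy"  # fail closed: an unknown tier needs review
    if now >= cert.not_after:
        return "expired"
    if not cert.owner:
        return "unowned"  # renewal would depend on tribal knowledge
    used = (now - cert.not_before) / (cert.not_after - cert.not_before)
    rule = POLICY[cert.tier]
    if used >= rule["escalate_at"]:
        return "escalate"  # automation should already have renewed this
    return "renew" if used >= rule["renew_at"] else "ok"

def report(inventory: list[Cert], now: datetime) -> dict[str, str]:
    return {c.name: readiness(c, now) for c in inventory}

# Constructed sample inventory: 47-day certificates of different ages.
NOW = datetime(2030, 1, 1, tzinfo=timezone.utc)
def _cert(name, owner, tier, age_days):
    start = NOW - timedelta(days=age_days)
    return Cert(name, owner, tier, start, start + timedelta(days=47))

INVENTORY = [
    _cert("api.example.test", "payments-team", "production", 10),
    _cert("mesh.example.test", "platform-team", "shared-platform", 30),
    _cert("ledger.example.test", "finance-team", "regulated", 33),
    _cert("legacy.example.test", None, "production", 20),
    _cert("batch.example.test", "data-team", "production", 47),
]
```

Expressing thresholds as a fraction of the validity period rather than a fixed day count keeps the same policy usable if validity periods change again.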
What to expect at the briefing
Akeyless's full live demo covers the operational detail this post intentionally leaves for the source:
- Step-by-step workflow coverage for certificate issuance, renewal, deployment, and rotation.
- Live demonstration of policy-driven controls that prevent expired certificates from reaching production.
- Centralized monitoring and compliance reporting across hybrid and multi-cloud environments.
- Zero-Knowledge certificate protection using Akeyless DFC™ in the demo context.
47-day certificate lifecycles on June 18: what changes for IAM teams?
47-day certificate lifecycles turn certificate management into identity governance, not maintenance. The operating assumption that renewal can be handled in periodic batches was designed for long-lived certificates and human-paced change control. That assumption fails when certificate validity compresses to 47 days because the renewal cycle becomes continuous, distributed, and failure-sensitive. The implication is that teams must rethink certificate lifecycle governance as a standing control function across NHI and infrastructure identity, not as an occasional cleanup task.
A few things that frame the scale:
- 69% of organisations now have more machine identities than human ones, according to The Critical Gaps in Machine Identity Management report.
- 57% of organisations lack a complete inventory of their machine identities, which is why certificate and workload visibility problems tend to persist.
A question worth separating out:
Q: Who is accountable when an expired certificate causes a service outage?
A: Accountability sits with the team that owns certificate lifecycle governance, not only with infrastructure operations. The failure usually reflects missing ownership, weak inventory, and lack of automated renewal controls, which makes the issue a programme problem as much as a technical one.
👉 Read our full editorial: Certificate lifecycle automation for the 47-day TLS era, June 18