On October 14, the CA/Browser Forum, which sets standards for the certificate industry, approved a reduction in the validity period for Code Signing Certificates from 39 months to 460 days. This change is intended to strengthen security and improve compliance. GMO GlobalSign, Inc., a global Certificate Authority and identity security provider, is positioned to support both new and existing customers through the transition. Businesses should note that this update comes just two weeks ahead of the broader industry move toward 200-day SSL/TLS certificate lifecycles.
Critical Code Signing Dates and Changes
Beginning March 1, 2026, the maximum validity period for Code Signing Certificates will be reduced from 39 Months to 460 days. To meet this new industry requirement, GMO GlobalSign stopped issuing 2-Year and 3-Year Code Signing Certificates on December 26th, 2025. From this point forward, GMO GlobalSign will only be issuing 1-year (366 days) Code Signing Certificates. Existing Code Signing Certificates that have a validity of up to 39 months will remain valid until their expiration date. Upon renewal, after February 24th, 2026, these certificates will need to comply with the new CA/B Forum guidelines.
In line with the CA/B Forum, GMO GlobalSign is implementing this change to enhance security by shortening the lifespan of certificates. This reduction minimizes the window of exposure to potential vulnerabilities that may arise from outdated or compromised certificates. This change will result in both security improvements, as well as streamlined compliance.
What is a Code Signing Certificate, and how they help prevent Supply Chain Attacks
A Code Signing Certificate is a digital certificate containing information that fully identifies an entity and is issued by a CA like GMO GlobalSign. It proves the authenticity of the signed software, that it comes from a legitimate vendor, and that the code has not been tampered with since being published.
Software developers for a broad range of platforms — including Microsoft Windows, Apple macOS, Java — rely on code signing certificates to digitally sign their applications, drivers, and other executables, thus assuring the integrity of the software they distribute. This is particularly important for downloaded applications from the internet. With the increasing volume and complexity of cyberattacks targeting the software supply chain, it is expected that organizations worldwide will expand their utilization of code signing certificates. According to a Mordor Intelligence report the global Code Signing market is growing and could reach $50.3M by 2029.
“The certificate industry is experiencing a great deal of change to allow for quicker updates and revocations of certificates that help minimize the risks to software and users,” said Yateesh Bhardwaj, Senior Product Manager, GMO GlobalSign. “The industry has also been working to prepare for the March 15th drop down to 200-day SSL/TLS certificates but now we must prepare for shorter code signing certificates two weeks prior to that. While all these certificate reductions will benefit security, with them happening almost in unison, preparing for them will be crucial to ensure compliance with critical industry best practices.”
Learn more about how these changes to Code Signing Certificates will impact certificate management and security planning at the website here.
Related News:
SSL/TLS Certificate Lifespans to Reduce to 47 Days by 2029
Sectigo CaaS Launched, Transforming Digital Certificate Management
