We recently reviewed the approved CA/B Forum Ballot SC-081v3, which introduces a phased reduction of publicly trusted TLS certificate validity periods and validation data reuse periods over the coming years.
As currently published, the maximum TLS certificate validity period will gradually reduce from 398 days to 47 days by March 2029, while domain validation reuse periods will eventually reduce to as little as 10 days.
Given these industry-wide changes, we would like to understand IFS's plans and recommendations regarding certificate lifecycle management for IFS Cloud environments.
Could you please provide information on the following for remote deployment:
1. Has IFS already assessed the impact of SC-081v3 on IFS Cloud deployments and related components?
2. Are there any planned product enhancements or roadmap items to support shorter certificate lifecycles?
3. Does IFS have any recommendations for automated certificate management solutions or approaches that can be used within IFS Cloud environments, particularly for remote customers, to simplify certificate issuance, renewal, and deployment?
4. Does IFS plan to publish any guidance, best practices, or technical documentation related to these upcoming changes?
Additionally, I would like to understand what happens when mtinstaller is executed. Could you please clarify which pod(s) or container(s) are updated with the SSL certificate, and where the certificate is stored within the environment, including the relevant path inside the pod or container?
As certificate validity periods move towards 47 days, manual certificate management will become increasingly challenging, and we would like to ensure our long-term strategy aligns with IFS recommendations.
We would appreciate any information regarding IFS's assessment, roadmap, and recommended preparations for customers.
Reference: https://cabforum.org/2025/04/11/ballot-sc081v3-introduce-schedule-of-reducing-validity-and-data-reuse-periods/