Imagine your company changes the locks on every door in every office, data centre, and server room it operates. Now imagine doing that every seven weeks across thousands of locations simultaneously, some of which you did not even know existed.
That is the reality facing large enterprises across Asia Pacific (Apac) as the technology industry moves to sharply shorten the lifespan of digital certificates. These credentials authenticate websites, applications and connected systems used across industries, forming the backbone of encrypted internet transactions. Without a valid certificate, systems cannot verify identity, and services can quickly grind to a halt.
Today, most digital certificates are valid for about 13 months. By March 15, 2026, that window will shrink to roughly 6½ months. By 2029, it will drop to just 47 days. The change is being driven by major browser and technology consortia as a security measure. Shorter-lived certificates mean stolen credentials have a narrower window of usefulness for attackers. The logic is sound but the operational implications are complex.
“When certificate lifespans shrink, the operational impact increases beyond the capacity of manual processes,” James Cook, Apac group vice president at DigiCert, tells DigitalEdge. For a large bank, telco, or healthcare provider managing 10,000 certificates today, that means approximately 10,000 renewals a year under current rules. At 47-day lifespans, the same organisation faces roughly 90,000 renewals annually, which is an eightfold increase almost overnight.
Operational blind spots
Across Apac, DigiCert estimates that between 40% and 60% of enterprises still rely at least partly on manual public key infrastructure (PKI) processes to manage certificate renewals. PKI is the framework of policies, software and procedures that issues, verifies, manages and revokes the digital certificates used to secure encrypted communications. Many organisations still track digital certificate renewals using spreadsheets, ticketing systems and ad-hoc scripts. That fragmentation increases the likelihood of missed renewals and service disruptions. A 2025 industry survey found that 45% of enterprises experienced service disruptions tied to certificate issues in the prior year. In about 38% of those cases, the trigger was simply an expired certificate that went unnoticed.
See also: Mastercard, DBS and UOB successfully trial autonomous payment by AI agent in Singapore
A vivid example arrived in January 2026, when Logitech allowed a code-signing certificate (or a credential that tells Apple’s operating system a piece of software can be trusted) to expire. Logitech’s macOS applications abruptly stopped launching. Designers, developers, and office workers found their tools non-functional, with no immediate explanation. Many professionals were forced to spend time reinstalling or manually patching software to restore full functionality.
The biggest friction point isn’t the renewal itself — it’s visibility. Certificates are scattered across hybrid environments, often without a clear owner, and when lifespans shrink, those blind spots quickly lead to outages. The lack of a central inventory makes it hard to know what is and is not accounted for.James Cook, Apac group vice president, DigiCert
See also: NUHS partners with GSMA Foundry to advance 5G, AI-enabled hospitals
The technical lapse can quickly become an organisational problem. When failures do occur, accountability is rarely straightforward. “Cybersecurity teams may set PKI policy, infrastructure teams manage deployment, and device or application owners control the systems, with vendors sometimes in the mix as well. Without centralised lifecycle management and clear accountability, shorter certificate lifespans increase both operational strain and outage risk,” he adds.
Who is most exposed
Cook identifies several sectors as least prepared for shorter certificate lifespans. Healthcare is among them, constrained by legacy systems, limited automation budgets and fragmented operations. Many connected medical devices were not designed for remote credential updates, much less rotations every seven weeks. In some cases, updating a certificate requires a maintenance window, vendor involvement, firmware changes or even physical access to the device.
Government and public agencies face different hurdles, including lengthy procurement cycles, ageing infrastructure and decentralised IT teams. Mid-tier financial institutions often have strong security intent but carry legacy systems across digital banking platforms and mobile applications. Even large telcos and multinational banks (which are typically further along in automation) still struggle to align central security teams with regional operations.
The challenge extends beyond an organisation’s own perimeter. In tightly coupled industries — such as semiconductor manufacturing, port logistics, airline operations, and financial networks — vendors and contractors are deeply embedded in core operations and often rely on certificates that the primary organisation cannot see. “When lifespans shrink, those blind spots become risk multipliers, especially if vendors are still using manual or decentralised renewal processes,” Cook says. A missed renewal at a supplier can disrupt data flows, authentication or transactions across an ecosystem, often without warning or a quick fix.
A hedge against tomorrow’s threats
The operational pressure is intensifying as enterprises expand deployments of artificial intelligence (AI) agents and machine-to-machine interactions. “Every AI agent, workload, application programming interface call, microservice, and ephemeral container may require its own identity. What used to be thousands of certificates can quickly become millions, with many of them created and destroyed automatically,” says Cook. Managing that huge volume requires consistent policy enforcement, real-time visibility and controls to prevent orphaned credentials from becoming security gaps. However, most organisations have yet to build that level of infrastructure.
To stay ahead of the latest tech trends, click here for DigitalEdge Section
Shorter certificate lifespans also carry a longer-term strategic benefit. Security experts have warned of a “harvest now, decrypt later” scenario, in which adversaries collect encrypted data today with the aim of breaking it once quantum computing matures. More frequent rotation limits the amount of data tied to any single cryptographic key, reducing potential exposure if that key is eventually compromised.
“As digital certificate lifespans shrink from years to months, manual processes simply can’t keep up. Automated issuance, renewal, revocation, and policy enforcement enable organisations to operate at machine speed, maintain visibility across environments, and transition smoothly to post-quantum algorithms. In that sense, automation isn’t just operational efficiency; it’s foundational to quantum readiness,” he asserts.
Steps to take now
For executives weighing the cost of investment against inaction, the numbers are concrete. A Forrester study commissioned by DigiCert found that enterprises implementing centralised certificate lifecycle automation achieved a 312% return on investment over three years, with payback in under six months. Quantified benefits totalled US$11 million ($14 million), including approximately US$7.9 million in operational and labour savings and US$2.8 million in reduced security incident costs.
Some Apac organisations are already treating PKI certificate management as a multi-year, platform-level modernisation effort rather than a routine IT maintenance task, shares Cook. For cloud providers in the region, the implications are both commercial and technical. “Enterprises now expect robust, embedded certificate automation as a standard feature of cloud platforms, not a premium add-on. This is driving greater integration of managed PKI and lifecycle automation into cloud stacks, reshaping pricing and bundling strategies, and increasing platform stickiness,” he says.
For those yet to act, Cook advises starting with a complete inventory of every certificate and key in their environment as many organisations lack a clear view of what they own. The next step is centralised lifecycle management to automate certificate issuance, renewal and retirement. Finally, that automation should be embedded into development and IT workflows so new systems are launched with certificate management built in. “These steps reduce operational shock, prevent outages, and position enterprises to scale securely as enforcement tightens,” he adds.
The urgency is real, with outages linked to expired certificates already occurring across the region. By 2029, the issue will be one of scale, and organisations that have yet to automate will be facing a crisis rather than handling a routine compliance task.
