Changelog
BetaSDKsGet startedTalk to salesSign inSupportStatusPricing
Start typing to search…
Back to All

TLS certificate lifecycle change and certificate pinning guidance

April 7th, 2026 by [email protected]

Who is affected: Customers whose systems perform certificate pinning for our TLS certificates.
Products affected: All services and APIs secured with our TLS certificates.

Changes

  • Certificate lifecycle update: Due to upcoming industry-wide changes in certificate validation and lifecycle management, the validity period of TLS certificates will be significantly reduced. In the near future, TLS certificates will have a maximum validity of 47 days, requiring significantly more frequent renewal and rotation.
  • Certificate pinning considerations: As a result of the shortened certificate lifecycle, implementations that rely on pinning to a specific leaf certificate will no longer be sustainable. Systems that continue to pin to a specific certificate may experience connectivity disruptions whenever certificates are renewed as part of the automated rotation process.
  • Alignment with recommended practices: We recommend avoiding certificate pinning for our TLS certificates. More details can be found here. Instead, integrations should rely on standard TLS validation mechanisms using trusted Certificate Authorities. This approach ensures compatibility with automated certificate rotation and aligns with industry best practices.
  • Automated certificate rotation: Our platform will continue to manage certificate issuance, renewal, and rotation automatically as part of the updated lifecycle model.

How this may affect you

  • Customers using certificate pinning: If your systems currently perform certificate pinning for our TLS certificates, you should review and update your implementation to remove pinning to specific certificates. Failure to do so may result in service connectivity issues once certificates are rotated under the new lifecycle model.
  • Customers using standard TLS validation: No action is required if your systems rely on standard TLS trust validation through trusted Certificate Authorities.

Additional information

  • We strongly recommend reviewing your integrations and aligning them with the guidance provided in our developer documentation to ensure uninterrupted service operation under the updated certificate lifecycle.
  • If you have any questions or require assistance, please reach out to your dedicated Customer Success Manager or contact Customer Support.
© 2025 Telesign / Terms & Conditions / Privacy Notice / Privacy Hub