The Certificate Authority/Browser (CA/B) Forum’s recent decision to limit SSL / TLS certificate validity to 47 days by 2029 marks a fundamental shift in how organizations must approach certificate lifecycle management (CLM). While this change enhances security by encouraging more frequent rotations, it introduces operational complexity and cost volatility for those still reliant on traditional per-cert or product-pack models.
SAN Licensing from GlobalSign offers a future-ready alternative—designed for scale, flexibility, automation, and operational clarity. For IT leaders tasked with ensuring infrastructure agility and security without drowning in administrative overhead, SAN Licensing provides a compelling path forward.
What is SAN Licensing and Why it Matters More Than Ever
At its core, Subject Alternative Name (SAN) Licensing decouples certificate pricing from the number of certificates issued or their validity period. Instead, it is priced based on the number of unique SANs actively used across all certificates.
You can issue, revoke, or reissue certificates as needed—short or long-lived—so long as the active SAN count remains within your license pool.
With the transition to 47-day certificate validity, traditional pricing models, such as per-cert or product packs, become increasingly inefficient and administratively burdensome.
Here’s why SAN Licensing is not just relevant—it’s essential:
1. Short Validity, Zero Waste
In a world of 47-day certificates, SAN Licensing eliminates the pain of constantly recalculating purchase quantities. Whether issuing for 12 days or 12 months, the license is based solely on the number of unique Fully Qualified Domain Name (FQDNs), not the number of certificates or their duration.
If a certificate is revoked early, the SAN is reclaimed and can be reused—making SAN Licensing an eco-system of efficiency and cost-effectiveness.
Using a unique private key for each server is considered best practice. If you reuse the same key across multiple servers and it becomes compromised, every instance using that key is also compromised. With SAN Licensing, you can simply issue a new certificate for each server, eliminating the need to copy or transfer private key material.
2. Automation-Ready with ACME
GlobalSign’s SAN Licensing seamlessly integrates with the ACME protocol. Unlike other providers that require manual intervention or complex reissue workflows, GlobalSign’s implementation allows certificate reissuance without additional configuration—just one ACME URL, and you’re set. Perfect for DevOps and CI/CD pipelines.
3. Flexible, Predictable Pricing
Whether you're managing 5 SANs or 5,000, the pricing is consistent and predictable. It doesn’t matter how many certificates you issue or how frequently you rotate them. SAN Licensing is especially attractive for:
- DevOps teams constantly provisioning new environments
- Marketing campaigns with short-lived domains
- Demo or trial services that need certs on demand
- Migrations or infrastructure changes that require domain flexibility
4. Simplifies Sales & Purchasing
Gone are the days of complex pricing tiers based on validity periods, wildcard usage, or per-cert considerations. SAN Licensing streamlines the buying process for customers, resellers, and service providers alike. It also ensures no one “overpays” for unused certificate features and makes internal billing simple and predictable, helping organizations more easily allocate costs across departments.
Who Should Adopt SAN Licensing?
The model scales from Small Medium Businesses (SMBs) to Medium, Large Enterprises (MLEs), catering to a broad range of customers:
- SMBs and Small, Medium Enterprises (SMEs) benefit from clear, upfront pricing and easy-to-understand, automation-ready licensing model.
- MLEs provide operational flexibility across complex, redundant infrastructures — such as server pools, load balancers, and failover environments — where multiple systems requiring a certificate for the same FQDN would collectively consume just one license.
- Service Providers and Resellers enjoy simplified management and fewer support headaches.
Ready for the Future of Shorter Certificate Validity
As the industry moves toward 47-day certificate lifecycles, SAN Licensing provides a smooth transition with the same licensing terms applying whether certificates are issued for one year or just 47-days. Organizations can take advantage of predictable, simplified licensing without disruption, regardless of certificate lifespan. Now is the time to evaluation your SSL / TLS strategy: by adopting SAN Licensing, companies can sidestep future friction, reduce administrative overhead, and position themselves at the forefront of best practices in certificate lifecycle management.
Future-proof your TLS strategy—start your transition to SAN Licensing today and stay ahead of the 47-day validity curve by contacting GlobalSign.
