
End of 2- and 3-year public code signing certificates

Improving code signing certificate by moving to 459-day certificates

Industry says goodbye to 2- and 3-year code signing certificates

On February 24, 2026, DigiCert will stop issuing 2- and 3-year public code signing and EV code signing certificates. The new maximum code signing certificate validity is 459 days. Read our knowledge base article to learn more about the move to 459-day code signing certificates.

Following industry best practices, DigiCert implemented a 459-day maximum validity for all public code signing and EV code signing certificates. This practice accounts for time zone differences and prevents Certificate Authorities from mis-issuing a public code signing certificate that exceeds the new 460-day maximum validity requirement.


What do I need to do?

No immediate action is required. The next time you order a code signing certificate, use the default 1-year certificate validity option. Or, you can customize your certificate validity and get a 459-day certificate.

DigiCert Services API integrations

Your CertCentral Services API integrations should continue to work the way they did before this change in CertCentral.

What happens if my two or three-year code signing certificate wasn’t issued before the February 24, 2024, deadline?

Pending code signing certificate orders with a validity greater than 459 days keep their original two- or three-year order validity. The code signing or EV code signing certificate itself is issued with a maximum validity of 459 days. Reissue your code signing certificate as needed until the order expires.

How does this affect my existing 2- and 3-year code signing certificates?

This change doesn’t affect active certificates with a validity greater than 459 days issued before the February 24, 2026, deadline. These certificates remain trusted until they expire.

For example, on February 1, 2026, you bought a 3-year code signing certificate. We issued the certificate on February 3, 2026. When the certificate nears its expiration date, you renew it with a 1-year or 459-day maximum validity code signing certificate.

How does this affect my 2- and 3-year code signing certificate reissues?

The shortened maximum certificate lifecycle period of 459 days does affect reissues of public two- and three-year code signing certificates. Now, when you reissue a code signing certificate, the new certificate's validity can’t exceed 459 days. This means that some reissued certificates may expire before the order expires.

To use the remaining validity included with the order, you may need to reissue a code signing certificate one or two more times. You may request reissues with a validity of up to 459 days, or until the order expires, whichever is sooner.

Example: Reissuing a 2-year public code signing/EV code signing certificate now

  1. On February 23, 2026, we issued your 2-year public code signing certificate, your original certificate.

    This certificate has a validity of 2 years and expires on February 23, 2028, when the order expires.

  2. On February 25, 2026, the day after DigiCert implemented the new 459-day maximum validity change, you reissue the certificate.

    The first reissued certificate has a maximum validity of 459 days and expires on May 28, 2027, approximately 269 days before the order expires.

  3. As the reissued certificate nears its expiration date, you have a choice to make as you don't necessarily need to reissue it.

    1. If that code signing certificate is still used, you should reissue it before it expires.

    2. If that code signing certificate is no longer needed, you can let it expire. Keep using the original, still-valid code signing certificate (issued on February 23, 2026) to sign code.

    3. If you decide not to reissue an expiring code signing certificate, consider the following:

      1. You can’t sign your code with an expired certificate.

      2. If the original certificate was revoked, this isn’t an option. Reissue the "reissued" certificate to continue signing and use the remaining 269 days on the order.

  4. On May 27, 2027, you decide to reissue the expiring code signing certificate.

    This second reissued certificate has approximately 270 days of validity and expires on February 23, 2028, at the same time the order expires.

  5. If you need to reissue a code signing certificate and have questions about what to expect, contact your account manager or DigiCert Support before reissuing it.
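The reissue rule above (up to 459 days, or until the order expires, whichever is sooner) can be turned into a schedule for a multi-year order. The following Python sketch is an added example, not DigiCert code: `plan_reissues` and its `lead_days` parameter are hypothetical names, and it assumes plain calendar-day arithmetic, so its dates can differ by a day or two from the approximate dates in the walkthrough.

```python
from datetime import date, timedelta

MAX_VALIDITY_DAYS = 459  # maximum certificate validity stated in the article


def plan_reissues(order_expiry, first_reissue, lead_days=14):
    """Return [(issue_date, not_after), ...] covering the order to its expiry.

    Assumptions of this sketch: validity is counted in whole calendar days
    from the reissue date, and each later reissue happens `lead_days`
    before the previous certificate expires.
    """
    if not 0 <= lead_days < MAX_VALIDITY_DAYS:
        raise ValueError("lead_days must be between 0 and 458")
    if first_reissue >= order_expiry:
        raise ValueError("the order has already expired; renew it instead")

    plan = []
    issue = first_reissue
    while True:
        # Up to 459 days, or until the order expires, whichever is sooner.
        not_after = min(issue + timedelta(days=MAX_VALIDITY_DAYS), order_expiry)
        plan.append((issue, not_after))
        if not_after == order_expiry:
            return plan
        # Reissue shortly before the current certificate expires.
        issue = not_after - timedelta(days=lead_days)


if __name__ == "__main__":
    # Constructed inputs taken from the 2-year walkthrough above.
    schedule = plan_reissues(date(2028, 2, 23), date(2026, 2, 25), lead_days=1)
    for issued, expires in schedule:
        days = (expires - issued).days
        print(f"reissue {issued} -> expires {expires} ({days} days)")
```

Feeding the resulting dates into a calendar or ticketing system keeps a signing pipeline from stalling on a reissued certificate that expires before the order does.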

How does this affect my code signing and EV code signing certificate renewals?

The renewal process remains the same. You can still renew a code signing order up to 90 days before it expires.