Domain security has entered a most transformative period. As of July 15, 2025, WHOIS-based email addresses can no longer be used for domain control validation (DCV). Over the next several years, secure sockets layer (SSL)/transport layer security (TLS) certificate life cycles will shrink from 367 days to 47, while DCV re-use periods will decline from 367 days to just 10.
These changes come at a time when low-cost, easy-to-obtain domain validation (DV) certificates dominate the market. Cybercriminals take advantage of these cheap or free certificates to impersonate brands and trick customers into clicking on malicious links or compromising their data.
Our new report, “The SSL Landscape,” analyzes use trends and patterns for approximately 802,000 digital certificates linked to 2.4 million domains. Through this research, we wanted to gain a deeper understanding of how organizations oversee SSL certificates and how this impacts the integrity assurance of their domains. Our research, as well as personal interactions with corporate leaders, revealed some concerning trends that are unnecessarily placing companies and their organizations at risk.
Domain certificate purchasing trends signal concern
- DVs account for almost three-quarters of SSL certificate validations. As indicated, these are the lowest cost certificates and the easiest to obtain, and they only verify that the certificate buyer controls the domain name. This ease of access enables cybercriminals to leverage the same certificates to pose as legitimate brands.
- The majority of organizations use multiple certificate providers, with one-quarter using five or more. This can lead to significant management headaches and fragmented, counterproductive processes. This challenge will be compounded by the shift to shorter certificate life cycles and DCV re-use periods.
- The top three certificate providers do not offer enterprise-class support for DV certificates. While affordable, consumer-grade certificate providers cannot offer the support needed to prepare for the upcoming SSL industry changes. Additionally, these organizations are among the top certificate providers for fraudulent domains that the CSC Enforcement Team has taken down.
Businesses can avoid both domain security compromises and missed renewals by consolidating with an enterprise-class SSL certificate provider and investing in automation. In our report, we highlight how companies can benefit from a proactive and effective certificate strategy from a single provider, with automation tools replacing time-consuming, manual approaches.
But a transition to this level of automation and consolidation can involve complex nuances. Organizations can take key steps—including standardized processes, education, and comprehensive execution—to ensure optimal outcomes. And working with an enterprise-class provider is key.
Download the report to learn more about the shifting SSL landscape and how to best navigate it. Meanwhile, if you’d like to talk to us about our SSL Certificate Management solutions, contact us.