As the digital world is becoming more and more pervasive, the certificates that are the basis for secure online communications are getting shorter and shorter. The maximum validity of publicly trusted TLS certificates is planned to reduce from the current 398 days to only 47 days by 2029.
In this challenging situation, the French cybersecurity startup Evertrust has attracted a lot of attention. The company, which is involved in the development of software for the automatic issuance, management, and renewal of digital certificates, announced that it raised a €10 million Series A round with the lead investor Elephant. The money will be used by Evertrust to realize its dream of expansion throughout Europe and, at the same time, to help the continent in its digital-sovereignty goal.
Why Certificate Lifetimes Are Being Reduced and What Effect Does It Have?
Digital certificates which are the basis of encrypted HTTPS communications have usually been given relatively long periods of validity. However, the situation is changing very quickly. The CA/Browser Forum, which sets the standards, has recently agreed on the gradual reduction of lifetimes of TLS certificates allowed: 398 days at present, 200 days starting March 2026, 100 days from March 2027, and finally 47 days by March 2029.
The main reasons for such a step are trust and security issues. Certificates with a long lifetime are more likely to be compromised; moreover, once issued, they remain valid for many months – thus, if a certificate is lost, stolen, or misused, a longer period of time can be exploited for the intended purpose. Short-lived certificates considerably lessen the danger as they require frequent revalidation and allow for the short-term use of any credentials that have been compromised.
However, the disadvantage of this is operational difficulty. What had previously been possible with just one certificate renewal per year might, in the near future, have to be carried out every few weeks. There are still lots of organizations that operate in a manual way – using spreadsheets, calendar reminders, or ad hoc workflows – which cannot keep up with such changes.
The change to short-lived certificates has thus become a reason for increased demand for certificate-related automation and centralized governance. Besides it being a question of the prevention of outages, it is also about creating what is now called “crypto-agility” by security leaders. The use of short-lived certificates will facilitate the implementation of new cryptographic standards (e.g., post-quantum cryptography) when they become obligatory.
Evertrust: Europe’s Answer to Certificate Chaos
Evertrust, which was established in Paris in 2017 by Kamel Ferchouche, Jean‑Julien Alvado, and Étienne Laviolette, came to terms with the idea of solving the problem of a growing market gap: the absence of a Europe-originated, sovereign solution for certificate management and public key infrastructure (PKI).
While several providers concentrate only on one of the two areas i.e. either on PKI (issuing certificates) or Certificate Lifecycle Management (CLM – handling renewals, revocations, deployment), Evertrust is doing both in one cloud-ready platform. Its main products – Stream for PKI, and Horizon for CLM – together provide full automation of the certificate lifecycle in on-premises, cloud, hybrid, and IoT environments.
This integrated strategy is the major factor that separates them from the competition. Most of their competitors only provide one half of the solution; thus by being the only vendor to cover both, Evertrust can attract large companies and public-sector institutions which are in need of full visibility and control over digital-trust infrastructure.
Furthermore, Evertrust has just been granted a certificate by the French cybersecurity authority, ANSSI (CSPN certificate), which allows its products to be utilized in highly secured areas like critical infrastructure, energy, and government sectors.
As of 2025, Evertrust is said to be the provider of digital certificates for some of the biggest enterprises in France, e.g., more than one-fourth of the companies listed in the benchmark index CAC 40 are the ones choosing Evertrust – these companies are coming from such sectors as banking, energy, healthcare, defense, and public administration.
What the €10 M Series A Indicates and What Will Happen Next
With the new €10 million capital, Evertrust is going to be very ambitious and wants to extend its activities not only within France but also outside of the country. Thus, they are planning to have more people in sales and technical roles during the next five years. Besides, the company wants to develop a network of MSSP (managed security service providers) partners – by which it will move from direct sales to a hybrid or indirect distribution model of sales and thereby gain access to more organizations spread across Europe.
On the product side, the company plans to be instrumental in Europe’s transition to post-quantum cryptography (PQC). Evertrust is integrating automation and crypto-agility into its products right now – including carrying out support for quantum-safe certificates once the standards are set – and is hoping that its clients will experience no “crypto future shock” when the change occurs but rather continuity of operations.
In other words, people following the industry think that such a combination of the funding and timing is a strong signal: with the advent of short-lived certificates as a standard practice, the role of automation and platforms for managing certificates in a sovereign manner like Evertrust will no longer be a mere nice-to-have but will become an essential part of the infrastructure of any serious organization. Why It Matters The transition to 47-day certificates is not only a matter of technology. It is a radical change in the way organizations should manage digital trust. Since the lifespan of certificates is getting shorter, the renewal which was done from time to time will become a continuous operational challenge making organizations have to reconsider the way they handle security, compliance, uptime, and even future-proof cryptography.
Evertrust looks like a complete winner to be able to industry the tide and also to effect the wave with their European-native, integrated PKI + CLM platform and newly secured funding. A lot more organizations, especially those which are under the influence of regulation or national security considerations, will most probably be looking for automated, sovereign solutions in order to be able to handle digital certificates in large numbers.
