TLS certificate lifetimes will officially reduce to 47 days

[fs111]

Load on the underlying infrastructure is a concern. The signing keys are all in HSMs and don't scale infinitely.

[bob1029]

How does cycling out certificates more frequently reduce the load on HSMs?

[timmytokyo]

It's all relative. A 47-day cycle increases the load, but a 48-hour cycle would increase it substantially more.

[woodruffw]

Much of the HSM load within a CA is OCSP signing, not subscriber cert issuance.