Starting September 1 of this year, the Apple Safari browser will no longer accept new HTTPS certificates with a validity period of more than 398 days. Apple announced its decision at the Certification Authority Browser Forum (CA / Browser Forum).
Therefore, websites that support SSL / TLS certificates issued on September 1 or after September 1 will be rejected by the Safari browser. The changes do not apply to certificates issued before September 1, 2020.
- Country leaders urge governments to end cyberattacks on health systems
- Zoom: Over 500K Hacked Accounts Available on Hacker Forums
Safari’s new policy will affect all iOS and macOS devices, as well as requiring administrators and website developers to make sure their certificates meet Apple’s requirements.
The shortened validity period of the certificate has been discussed between Apple and other members of the CA / Browser Forum for several months. This measure is aimed at improving the security of web sites through the use of certificates by developers with the latest cryptographic standards and reducing the number of old, abandoned certificates that could potentially be stolen by attackers and reused for phishing and malicious attacks.
Reducing the validity of certificates has some disadvantages. Frequent certificate replacement will make life difficult for website owners and companies that have to manage certificates and meet new requirements.
Recall that in August last year, the CA / Browser Forum consortium proposed halving the validity of SSL certificates for HTTPS from 27 to 13 months. It is noteworthy that the initiative to reduce the validity of certificates was presented only a year after it was reduced from 39 to 27 months.