Safari to Limit SSL/TLS Certificate Validity to One Year


On February 19th of this year, Apple made a fairly big announcement during a face-to-face meeting of the CA/Browser Forum (CA/B Forum). This forum is where the industry standards group convenes, and it consists mainly of certificate authorities as well as several of the major browsers.


Apple announced that on September 1, 2020, Safari, the default browser on Apple’s macOS, as well as the browser on the iPhone, will no longer trust SSL/TLS leaf certificates with a validity of more than 398 days (this number derives from 365 days plus the grace period commonly offered). Intermediate and root SSL/TLS certificates, along with some others, will be unaffected.

So what does this news actually mean and why is Apple doing this?

To Improve Website Security

Shortening the validity of SSL/TLS certificates means that they will have to be renewed and implemented on websites more often. Theoretically, this improves a website’s security because new keys are being generated more often. Also, security updates made by certificate providers should be released at a quicker rate. Basically, the shorter the validity period of an SSL/TLS leaf certificate is, the more secure it should be.

This trend isn’t something new - certificate validity periods have been cut down in the past. They used to be valid for 5 years, but were reduced to 3 years, then to 2 years. The proposal for 1 year validity certificates was initially introduced by Google’s Ryan Sleevi at last year’s forum, but ultimately was shut down.

This change is driven by new services, like Let’s Encrypt, which issue free certificates that expire after only a few months, coupled with software that automatically renews and redeploys those certificates. This provides a largely “set it and forget it” approach to SSL/TLS certificates, while also improving the underlying security.

What do Website Owners & Admins Need to Know?

One important thing for website owners and admins to note is that any SSL/TLS certificates issued prior to Sept. 1, 2020 are not affected by this change. Websites with these certificates will remain trusted by Safari for their entire validity period. Only certificates issued on or after Sept. 1 will need to be renewed each year to remain trusted.

The most important action for website owners and admins to consider is to revise their current operational plan regarding security and certificates to ensure everything is renewed and implemented properly each year. Some certificate providers have even started offering multi-year subscription plans for certificates. For example, these providers give website owners the option to purchase a longer subscription where the certificate would be automatically renewed each year. All that would need to be done is updating the SSL/TLS certificate as the old one expires.
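To check a certificate inventory against the rule described above (leaf certificates only, issued on or after Sept. 1, 2020, valid for more than 398 days), the following added example, which is not Apple's or any vendor's code, classifies the date lines printed by `openssl x509 -noout -dates`. It assumes that "issued" means the certificate's notBefore date, that the cutoff is midnight UTC, and that validity is measured as notAfter minus notBefore; the function names and the sample inventory are constructed for illustration.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Rule values from the article; treating the cutoff as 00:00 UTC is an assumption.
CUTOFF = datetime(2020, 9, 1, tzinfo=timezone.utc)
MAX_VALIDITY = timedelta(days=398)

def parse_dates(openssl_output):
    """Parse the notBefore=/notAfter= lines of `openssl x509 -noout -dates`."""
    fields = {}
    for line in openssl_output.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("notBefore", "notAfter"):
            seconds = ssl.cert_time_to_seconds(value)
            fields[key] = datetime.fromtimestamp(seconds, tz=timezone.utc)
    if len(fields) != 2:
        raise ValueError("expected both notBefore= and notAfter= lines")
    return fields["notBefore"], fields["notAfter"]

def safari_verdict(openssl_output, is_ca=False):
    """Classify one certificate under the rule described in the article."""
    not_before, not_after = parse_dates(openssl_output)
    if not_after <= not_before:
        raise ValueError("notAfter must be later than notBefore")
    if is_ca:
        return "unaffected"  # intermediates and roots are outside the rule
    if not_before < CUTOFF:
        return "exempt"      # issued before Sept. 1, 2020 (assumed: notBefore)
    if not_after - not_before > MAX_VALIDITY:
        return "untrusted"   # leaf valid for more than 398 days
    return "ok"

def audit(inventory):
    """Map each (name, dates, is_ca) entry to its verdict."""
    return {name: safari_verdict(dates, is_ca) for name, dates, is_ca in inventory}

# Constructed sample inventory (not real certificates).
SAMPLE_INVENTORY = [
    ("legacy-2yr", "notBefore=Aug 31 12:00:00 2020 GMT\nnotAfter=Aug 31 12:00:00 2022 GMT", False),
    ("exact-398d", "notBefore=Sep  1 00:00:00 2020 GMT\nnotAfter=Oct  4 00:00:00 2021 GMT", False),
    ("over-399d", "notBefore=Sep  1 00:00:00 2020 GMT\nnotAfter=Oct  5 00:00:00 2021 GMT", False),
    ("new-2yr", "notBefore=Nov 10 08:30:00 2020 GMT\nnotAfter=Nov 10 08:30:00 2022 GMT", False),
    ("issuing-ca", "notBefore=Oct  1 00:00:00 2020 GMT\nnotAfter=Oct  1 00:00:00 2030 GMT", True),
]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_INVENTORY).items():
        print(f"{name:12} {verdict}")
```

Entries reported as `untrusted` are the ones to reissue with a shorter lifetime; `exempt` entries stay trusted until they expire but fall under the rule at their next renewal.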

In Summary

Although Apple was the first to take the leap with changing the validity of SSL/TLS certificates to 1 year, it’s very likely the rest of the major browsers will be following this trend in the near future. Overall, this change does offer security benefits, and with the new subscription model certificate providers are starting to roll out, it shouldn’t cause website admins / owners any problems in the long term. That is, as long as they update their current security plans and procedures accordingly.

As always, if you have any questions about your current SSL/TLS situation and would like a bit more detail, just reach out to our team. We’d be more than happy to help. Cheers!


This post was last updated on: Feb 15, 2021.