Apple browser Safari to ignore TLS/SSL certificates
that are valid for more than 13 months

Apple have made a significant announcement regarding how the Safari Browser treats SSL certificates.  From September 1 2020 certificates older than 398 days will not be accepted as valid.  Older certs, issued prior to the deadline, are unaffected by this rule.

Tim Callan, senior fellow at PKI and SSL management firm Sectigo, stated

“This week Apple announced at the 49th CA/Browser Forum Face-to-Face that it will limit the term of accepted TLS [SSL] certificates to 398 days as of September 1, 2020. Certificates issued on or after that date with terms beyond 398 days will be distrusted in Apple products.

“Certificates issued prior to September 1 will have the same acceptable duration as certificates do today, which is 825 days. No action is required for these certificates.”

The aim is to improve website security to force developers to use certificates with the latest cryptographic standards while reducing the number of older certificates that may be stolen and used in scams.

In addition if new certificates are broken these will only be in use for up to 398 days and not the original 825 days thus limiting the window of opportunity for attacks.

Dx3Webs supply SSL certificates (linked below) on a yearly subscription which ensures there will be no issues with the changes Apple are introducing.

DX3Webs SSL Certificates

Third party certificates not issued by Dx3Webs will need to be checked to ensure they last no longer than 398 days if due for renewal after September 1st 2020.