Apple browser Safari to ignore TLS/SSL certificates valid for more than 13 months.
Tim Callan, senior fellow at PKI and SSL management firm Sectigo, stated
"This week Apple announced at the 49th CA/Browser Forum Face-to-Face that it will limit the term of accepted TLS [SSL] certificates to 398 days as of September 1, 2020. Certificates issued on or after that date with term beyond 398 days will be distrusted in Apple products.
"Certificates issued prior to September 1 will have the same acceptable duration as certificates do today, which is 825 days. No action is required for these certificates."
The aim is to improve website security to force devs to use certificates with the latest cryptographic standards while reducing the number of older certificates that may be stolen and used in scams. In addition if new certificates are broken these will only be in use for up to 398 days and not the original 825 days thus limiting the window of opportunity for attacks.
The drawback with this change is primarily an increase in certificate replacement resulting in higher overheads in deployment and renewal and the increased risk of human error.
Dx3Webs will now only supply 1 year tickets to ensure full compliance.
Third party certificates not issued by Dx3Webs will need to be checked to ensure they last no longer than 398 days if due for renewal after September 1st 2020.