Apple browsers will reject TLS certificates that are valid for more than a year
Apple has decided not to accept TLS certificates that are valid for more than 13 months in its Safari browsers from September. From then on, TLS certificates may be valid for a maximum of 398 days.
Apple has not yet presented the decision publicly, but made the announcement on Wednesday at a closed meeting of browser makers in the Slovak capital Bratislava, Digicert reports. At that meeting, CA/Browser, Apple said the rule will go into effect in September. This makes it seem like a measure that will apply to Safari in upcoming versions of iOS and macOS.
Apple is taking the measure to protect users, according to a spokesperson at CA/Browser. If a tls certificate is stolen, the period of abuse is shorter if a browser no longer accepts it within a year. Google had previously proposed this measure in the CA/B Forum, but then a majority of members turned out to be against it.
Apple’s move will apply to certificates applied for after September 1 this year, giving website administrators time to adapt. Many sites use Let’s Encrypt, which defaults to 90 days.