Safari will soon reject any HTTPS certificate valid for more than 13 months
Last week, at the 49th CA/Browser Forum, a voluntary consortium of certification authorities, Apple announced that it’ll stop allowing HTTPS certificates on Safari with more than 13 months of validity, later this year.
HTTPS certificates, based on the latest TLS encryption standards, ensure that your connection to a particular website is safe and secure.
Any certificate issued after September 1, with more than 398 days of validity, will be rejected by Apple‘s browser. That means, when you visit a site with such a certificate, you’ll see a privacy warning. However, as a developer, if your website’s certificate was issued prior to September 1, you won’t be affected.
[Read — Pardon the Intrusion #11: No more passwords]
As the Register noted, sites like GitHub and Microsoft have certificates with two-year validity. Under Apple’s new rule, these sites will be rejected if these companies will get another two-year certificate after August.
Earlier, certificate authorities used to issue certificates with more than five years of validity. In 2017, the maximum cap of validity was reduced to 825 days.
For end-users, this means that the sites you’re visiting have the latest encryption and security standards to keep your data private.
Michal Špaček, a security developer, noted on his blog that often browsers omit online certification checks in order to speed up a site’s loading time. So, capping a certificate’s validity is a good move.
For developers and site owners, this move may increase the workload of managing certificates. Some third-party certificate authorities such as Let’s Encrypt provide multi-year certificates with auto-renewal tools. However, critics noted that Apple’s move might increase reliance on such companies and make personal hosting difficult.