Starting September, Apple Won’t Support SSL & TLS Issued for More than 398 Days

by   |  Last Update:  |  0 Comments  

On This Page: [hide]

  1. Who is affected by Apple’s change of certificate validity?

From September 1 onwards Apple’s browser Safari will not support SSL and TLS certificates issued for periods longer than 398 days.

This is the equivalent of one year, with the renewal grace period included. The reason for this change is improving web security, as Apple explained in an announcement released earlier this year.

Who is affected by Apple’s change of certificate validity?

TLS server certificates issued by the Root CAs (certificate authorities) preinstalled with iOS, iPadOS, macOS, tvOS, and watchOS. In addition, this change regards TLS server certificates issues on September 1, or after this date, 2020. Certificates issued before this dare are not affected.

Since Apple is enforcing this immediately, any connections to TLS servers that don’t meet the new requirements will be denied. Furthermore, Apple is not the only company embracing such a change. Google and Mozilla followed with their own suggestions of the same length of certificate validity.

Also Read Setup and Install an SSL Certificate The Easy Way

Here are several important notes that Apple shared in the announcement earlier this year:

– Validity period is defined in line with RFC 5280, Section 4.1.2.5, as “the period of time from notBefore through notAfter, inclusive.”
– 398 days is measured with a day being equal to 86,400 seconds. Any time greater than this indicates an additional day of validity.
– We recommend that certificates be issued with a maximum validity of 397 days.
– This change will not affect certificates issued from user-added or administrator-added Root CAs.

Why are companies enforcing this change concerning the life cycle of certificates? One reason is the safety of their users. It can be quite challenging to replace certificates with longer lifespan, especially when facing security incidents. T

his may be considered an effort in avoiding the prolonged response to security threats. In addition, certificates with shorter lifespan can reduce the window of exposure in case a TLS certificate is compromised in any way.

Researched and written by:
HowToHosting Editors
HowToHosting.guide provides expertise and insight into the process of creating blogs and websites, finding the right hosting provider, and everything that comes in-between. Read more...

No related posts.

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree
At HowToHosting.Guide, we offer transparent web hosting reviews, ensuring independence from external influences. Our evaluations are unbiased as we apply strict and consistent standards to all reviews.
While we may earn affiliate commissions from some of the companies featured, these commissions do not compromise the integrity of our reviews or influence our rankings.
The affiliate earnings contribute to covering account acquisition, testing expenses, maintenance, and development of our website and internal systems.
Trust howtohosting.guide for reliable hosting insights and sincerity.