Starting September, Apple Won’t Support SSL & TLS Issued for More than 398 Days

From September 1 onwards Apple’s browser Safari will not support SSL and TLS certificates issued for periods longer than 398 days.

This is the equivalent of one year, with the renewal grace period included. The reason for this change is improving web security, as Apple explained in an announcement released earlier this year.

Who is affected by Apple’s change of certificate validity?

TLS server certificates issued by the Root CAs (certificate authorities) preinstalled with iOS, iPadOS, macOS, tvOS, and watchOS. In addition, this change regards TLS server certificates issues on September 1, or after this date, 2020. Certificates issued before this dare are not affected.

Since Apple is enforcing this immediately, any connections to TLS servers that don’t meet the new requirements will be denied. Furthermore, Apple is not the only company embracing such a change. Google and Mozilla followed with their own suggestions of the same length of certificate validity.


Also Read Setup and Install an SSL Certificate The Easy Way


Here are several important notes that Apple shared in the announcement earlier this year:

– Validity period is defined in line with RFC 5280, Section 4.1.2.5, as “the period of time from notBefore through notAfter, inclusive.”
– 398 days is measured with a day being equal to 86,400 seconds. Any time greater than this indicates an additional day of validity.
– We recommend that certificates be issued with a maximum validity of 397 days.
– This change will not affect certificates issued from user-added or administrator-added Root CAs.

Why are companies enforcing this change concerning the life cycle of certificates? One reason is the safety of their users. It can be quite challenging to replace certificates with longer lifespan, especially when facing security incidents. T

his may be considered an effort in avoiding the prolonged response to security threats. In addition, certificates with shorter lifespan can reduce the window of exposure in case a TLS certificate is compromised in any way.

Researched and created by:
Krum Popov
Passionate web entrepreneur, has been crafting web projects since 2007. In 2020, he founded HTH.Guide — a visionary platform dedicated to streamlining the search for the perfect web hosting solution. Read more...
Technically reviewed by:
Metodi Ivanov
Seasoned web development expert with 8+ years of experience, including specialized knowledge in hosting environments. His expertise guarantees that the content meets the highest standards in accuracy and aligns seamlessly with hosting technologies. Read more...

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree
At HTH.Guide, we offer transparent web hosting reviews, ensuring independence from external influences. Our evaluations are unbiased as we apply strict and consistent standards to all reviews.
While we may earn affiliate commissions from some of the companies featured, these commissions do not compromise the integrity of our reviews or influence our rankings.
The affiliate earnings contribute to covering account acquisition, testing expenses, maintenance, and development of our website and internal systems.
Trust HTH.Guide for reliable hosting insights and sincerity.