Safari introduces stricter HTTPS rules

Apple has released a new policy, coming into effect later this year, that will prevent its Safari browser from accepting new HTTPS certificates that expire more than 13 months after their creation date. As a result of the new policy, any website using a long-lived SSL/TLS certificate issued after the cutoff point will cause privacy errors to be displayed in the iPhone maker's browser.

Apple introduced the new policy at a recent meeting of the Certification Authority/Browser Forum (CA/Browser Forum) in Slovakia. According to those present at the meeting, starting September 1, Safari will reject any new website certificate valid for more than 398 days. However, old certificates issued before this deadline will not be affected by the new rule.

Since Apple made the decision to implement this new policy in Safari, the company will have to apply it to all devices running iOS or macOS. This means that website developers and administrators will be forced to ensure that their certificates meet Apple's requirements, otherwise they risk losing a lot of visitors to their sites.

One year of TLS certificates

Apple, Google and other members of the CA/Browser Forum have considered reducing the lifespan of certificates for months, but the policy has advantages and disadvantages. The main goal of the policy is to help improve website security by ensuring developers use certificates with the latest cryptographic standards, while reducing the number of old certificates that could be stolen and reused by cybercriminals launching phishing campaigns or malware attacks. By increasing the frequency of certificate replacements, Apple will make life more difficult for site owners and for businesses that have to manage these certificates and their compliance.

While Apple has yet to publicly announce its new policy, Digicert's Dean Coclin has provided more details about how the policy will affect certificate users in a memo, saying:

"What does this mean for certificate users? For Safari to approve your website, you will no longer be able to issue publicly trusted TLS certificates valid for more than 398 days after August 30, 2020. All certificates issued before September 1, 2020 will remain valid, regardless of the validity period (up to 825 days). Certificates that are not publicly approved may still be recognized, up to a maximum validity of 825 days."

Via The Register
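For administrators auditing their own certificates against the limits described above, the following is an added example, not code from Apple, Digicert or the original article. It assumes that `notBefore` stands in for the issuance date and that the validity period counts both endpoints (the RFC 5280 reading), which is the conservative interpretation; the sample certificates are constructed.

```python
import ssl

DAY = 86400
# Figures from the article: cutoff date and the two validity ceilings.
CUTOFF = ssl.cert_time_to_seconds("Sep  1 00:00:00 2020 GMT")
NEW_LIMIT_DAYS = 398   # publicly trusted, issued on or after the cutoff
OLD_LIMIT_DAYS = 825   # issued before the cutoff, or not publicly trusted


def validity_seconds(cert):
    """Length of the validity period of a getpeercert()-style dict."""
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if end < start:
        raise ValueError("notAfter precedes notBefore")
    # Assumption: both endpoints count (RFC 5280 'inclusive'), hence + 1.
    return end - start + 1


def check(cert, publicly_trusted=True):
    """Return (accepted, limit_days, excess_seconds) under the stated policy."""
    # Assumption: notBefore stands in for the issuance date.
    issued = ssl.cert_time_to_seconds(cert["notBefore"])
    strict = publicly_trusted and issued >= CUTOFF
    limit = NEW_LIMIT_DAYS if strict else OLD_LIMIT_DAYS
    excess = validity_seconds(cert) - limit * DAY
    return excess <= 0, limit, max(excess, 0)


# Constructed sample certificates (validity fields only, same shape as
# the dict returned by ssl.SSLSocket.getpeercert()).
SAMPLES = {
    "legacy-2y": {"notBefore": "Aug 15 00:00:00 2020 GMT",
                  "notAfter": "Aug 14 23:59:59 2022 GMT"},
    "new-2y": {"notBefore": "Sep  1 00:00:00 2020 GMT",
               "notAfter": "Sep  1 23:59:59 2022 GMT"},
    "new-398d": {"notBefore": "Sep  1 00:00:00 2020 GMT",
                 "notAfter": "Oct  3 23:59:59 2021 GMT"},
    # Looks like 398 days, but the inclusive count makes it one second over.
    "new-398d+1s": {"notBefore": "Sep  1 00:00:00 2020 GMT",
                    "notAfter": "Oct  4 00:00:00 2021 GMT"},
}

if __name__ == "__main__":
    for name, cert in SAMPLES.items():
        print(f"{name:12} {check(cert)}")
    print("new-2y (private CA)", check(SAMPLES["new-2y"], publicly_trusted=False))
```

The `new-398d+1s` sample shows why certificates are best requested with a margin below the ceiling: setting `notAfter` to exactly the issuance time plus 398 days exceeds the limit by one second when both endpoints are counted.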