Apple announced during last week’s CA/Browser Forum that Safari will soon reject any HTTPS certificates that expire in any longer than 13 months.
The CA/Browser Forum is a voluntary consortium that began in 2005 as part of an effort among certification authorities and browser software vendors to provide greater assurance to web users about the sites they visit.
HTTPS certificates, using TLS encryption, help to ensure the sites a user visits are safe and legitimate. However, just because a site was once safe doesn’t mean that it still is.
Certificate authorities once used to even issue certificates with ten years of validity. In 2017, the maximum length was reduced to 825 days – which many people believed was still too long and failed to offer sufficient protection to web users.
To help tackle the problem, Apple has decided that Safari will reject any HTTPS certificate that has more than 398 days before it expires and display a privacy warning to website visitors.
Several leading websites will currently fall foul of Apple’s decision, including Microsoft and GitHub.
Security developer Michal Špaček highlighted on his blog that some web browsers speed up a website’s loading time by not checking certificates. Špaček suggests visiting this website to see whether your browser checks for certificates or not.
The new rules will affect certificates issued after September 1st. If your current certificate was issued prior to this date, you’ll be ok until it comes to renewal.
By Ryan Daws