Safari Will Stop Accepting New HTTPS Certificates That Expire More than 13 Months from Their Creation Date from from 1st September 2020

From September 1st 2020 Safari will no longer accept new HTTPS certificates that expire more than 13 months from their creation date. That means websites using long-life SSL/TLS certs issued after the cut-off point will throw up privacy errors in Apple’s browser.

New website cert valid for more than 398 days will not be trusted by the Safari browser. Older certs, issued prior to the deadline, are unaffected by this rule. By implementing the policy in Safari, Apple will, by extension, enforce it on all iOS and macOS devices.

The aim of the move is to improve website security by making sure devs use certs with the latest cryptographic standards, and to reduce the number of old, neglected certificates that could potentially be stolen and re-used for phishing and drive-by malware attacks. Shortening the lifespan of certificates does come with some drawbacks. It has been noted that by increasing the frequency of certificate replacements, Apple and others are also making life a little more complicated for site owners and businesses that have to manage the certificates and compliance.

Let’s Encrypt certificates typically expire after 90 days, and provides tools to automate renewals, so if you are using those you will be fine, if not go get them.. it’s free.

If you are not sure you can check if your sit’s SSL certificate has an expiry of more than 13 months. On Chrome, you can right-click the SSL icon and check the validity of the certificate you use.