At the 49th meeting of the Certification Authority (CA)/Browser Forum held in February 2020, Apple announced that it will limit the term of accepted Secure Sockets Layer (SSL) Transport Layer Security (TLS) certificates to 398 days as of September 1, 2020. Certificates issued on or after that date with a term beyond 398 days will be distrusted in Apple products and display privacy errors to end users navigating websites in the Safari web browser (see example error below).
Certificates issued prior to September 1, 2020 will have the same acceptable duration as certificates do today, which is 825 days. Existing two-year certificates will operate correctly for their full duration. No action is required for these certificates. Two-year certificates, if renewed after August 31, 2020, will need to be renewed for one year to remain trusted in the Apple platform.
For customers who have opted to provide CivicPlus with their own certificates, after August 31, 2020, provided certificates must not exceed a validity period longer than 398 days to remain in compliance with Apple certificate trust requirements.
Customers using CivicPlus-provided certificates will not have to take any action. CivicPlus automates the issuance and delivery of individual SSL certificates, each of which is currently one year in duration, to ensure certificates on websites are updated and valid. Also, keeping with security best practices as validity terms are reduced by browsers and certificate authorities, CivicPlus is committed to keeping SSL certificates in compliance with all supported browsers.
For more information on the history and benefits of this change, we recommend reading this article.
The CA/Browser Forum also lists the benefits of reduced certificate lifetimes in the proceedings of their official ballot held in September 2019.