Safari Will Stop Trusting Certs Older Than 13 Months

image

“Safari will, later this year, no longer accept new HTTPS certificates that expire more than 13 months from their creation date…” writes the Register.

Long-time Slashdot reader nimbius shares their report: The policy was unveiled by the iGiant at a Certification Authority Browser Forum (CA/Browser) meeting on Wednesday. Specifically, according to those present at the confab, from September 1, any new website cert valid for more than 398 days will not be trusted by the Safari browser and instead rejected.

Older certs, issued prior to the deadline, are unaffected by this rule.

By implementing the policy in Safari, Apple will, by extension, enforce it on all iOS and macOS devices. This will put pressure on website admins and developers to make sure their certs meet Apple’s requirements — or risk breaking pages on a billion-plus devices and computers… The aim of the move is to improve website security by making sure devs use certs with the latest cryptographic standards, and to reduce the number of old, neglected certificates that could potentially be stolen and re-used for phishing and drive-by malware attacks… We note Let’s Encrypt issues free HTTPS certificates that expire after 90 days, and provides tools to automate renewals.

2 Likes