Starting in September 2020, Apple has decided that their web browser, Safari, will not trust SSL certificates with a validity more than 398 days. An SSL certificate allows the end user to “trust” a website or service and serves to provide verification that the website’s or service’s identity is what they claim to be. This means that any website or service using a certificate with a validity more than a year will show as insecure within Safari. The current maximum validity period is two years.
The maximum validity period was last modified in 2018 when it was set to two years. An attempt was made to lower it to a year in 2019, but that attempt failed the ballot at the CA/Browser Forum. The CA/B Forum is an industry body that works together to set the baseline requirements that govern Certificate Authorities.
So now that all the technical jargon is out of the way, what does this mean for Apple users? In September of 2020, they may start noticing that several of their websites are now showing as insecure when loaded in Safari. For example, Post-Gazette.com’s SSL certificate has a validity of three years and will display as insecure in September of 2020 for Apple users. “But wait! You said the maximum validity period is two years!”
Any certificate generated in or after March 2018 has a maximum validity period of two years. Post-Gazette.com’s certificate was generated in September of 2017, when the maximum validity period was three years. Post-Gazette.com’s certficiate will be renewed in / before September 2020 because that is when it expires, therefore the new certificate will have a maximum validity period of two years. Their owners could, however, only renew the certificate for a year instead of the maximum two years which would then allow their website to show as secure within Safari.
Most large corporations / websites, such as Google, Facebook, and Amazon, already have their validity periods set to less than a year; don’t expect the most frequented sites on the Internet to start showing up as insecure. This only applies to Apple users who use Safari as their browser of choice. Chrome, Firefox, Internet Explorer, and Edge users will be unaffected, at least at the time of this article.
If you have any questions or concerns regarding the Safari SSL Certificate changes, please contact Plummer Slade at 412-261-5600 x3, or email firstname.lastname@example.org.