Apple announced this week that the maximum lifetime of trusted SSL/TLS certificates on its devices and Safari browser will be limited to 398 days (about a year and a month). The change, announced by Apple at the CA/Browser Forum meeting in Bratislava, Slovakia, will be in effect for certificates issued after August 31, 2020. (Update: an official announcement of the policy change appeared on Apple’s website on March 3, 2020.)
Apple’s announcement closely follows a failed CA/B Forum vote on one-year certificates (ballot SC22), held in in August, 2019, and reflects an ongoing trend toward shorter certificate lifetimes.
As a result of Apple’s policy change, website owners should begin switching to 398-day certificates on their web servers to avoid trust errors when Mac and iOS users visit their sites. (Apple’s Safari currently has about 17% of the browser market share.)
SSL.com will continue to offer our customers certificate bundles with up to five years of coverage. For orders exceeding 397 days (or any other valid expiration date set by the customer), we issue free replacement certificates upon expiration and re-validation of site ownership throughout the duration of the certificate order. In this way, you can continue to benefit from multi-year discounting while remaining compliant with Apple’s new certificate lifetime requirements.
SSL.com currently offers a number of tools and solutions to help our customers automate and manage their certificates, whether through our certificate management portal, SSL Manager application, or RESTful API.
27-month SSL/TLS certificates issued before September 1, 2020 are unaffected and shall remain valid on Apple devices and Safari for their full lifetimes. Apple’s new limits apply only to certificates issued on or after that date. Please contact Support@SSL.com, call 1-877-SSL-SECURE, or click the chat link at the bottom right of this page if you have any questions or concerns about how Apple’s policy change affects you.