Apple Notification: Expiry of SSL|TLS Certificates

Cyberattacks on web applications are among the biggest threats to corporate and data security. As services are moved online, cybercriminals are increasingly targeting web applications. 

Apple, as an on-going effort to improve web security, is reducing the lifetimes of SSL|TLS server certificates.

At the 49th meeting of the CA/Browser Forum held in February 2020, Apple announced that they are changing their root embedding policy to require SSL|TLS certificates have a maximum validity period of 398-days. The CA/Browser Forum has previously discussed the 398 days – it reduces the validity period to about one year plus one month to support SSL|TLS certificates before they expire and require renewal.

According to the announcement, the new policy will become effective as from 1st September 2020, and will require that all new certificates issued as of that date may not exceed 398-days. Certificates issued for greater than the restriction, will not be trusted by Safari browsers. Moreover, the root CA certificate may also be distrusted by macOS and iOS, which could provide a more significant impact. Any certificates issued before that date will not be affected by this change.

BIRGER., with its partners, has the expertise and required tools to accompany organisations to embark on a smooth transition process by taking the necessary steps toward certificate lifecycle automation. We will assess in the process of certificate issuance, expirations, revocations, and renewals.

The official Knowledge Base article on this subject found here.

For more information on the topic and our Technology Solutions & Services, please contact us by mail technology@birger.technology.

BIRGER.