As we reported back in February, publicly-trusted SSL/TLS certificates issued on or after September 1, 2020 with a validity period greater than 398 days will not be trusted by Apple’s Safari browser and iOS/iPadOS/watchOS/tvOS devices.
In response, at a time to be determined in August 2020, SSL.com will limit the lifespan of SSL/TLS certificates to a maximum of 397 days, as recommended by Apple. This will ensure that all certificates issued by SSL.com will continue to be trusted on Apple’s devices and software.
If your certificate was issued before September 1, 2020, it will not be affected by Apple’s policy change. However, when that certificate expires, it should be replaced with a certificate with a maximum lifespan of 397 days.
If you reprocess a two-year certificate after we have switched over to 397-day certificates, the reissued certificate will be limited to 397 days. However, you will be credited by SSL.com for the time remaining on the order. When the reprocessed certificate expires, you can issue a new certificate to cover the time remaining on the order.
Yes! SSL.com will continue to offer our customers certificate bundles with up to five years of coverage. For orders exceeding 397 days (or any other valid expiration date set by the customer), we issue free replacement certificates upon expiration and re-validation of site ownership throughout the duration of the certificate order. In this way, you can continue to benefit from multi-year discounting while remaining compliant with Apple’s new certificate lifetime requirements.
No. Apple’s change only extends to publicly-trusted root CA certificates pre-installed on its devices, including SSL.com’s roots. Root certificates installed by a user or administrator are not affected by the 398-day restriction.