Apple announced this week that the maximum lifetime of trusted SSL/TLS certificates on its devices and Safari browser will be limited to 398 days (about a year and a month). The change, announced by Apple at the CA/Browser Forum meeting in Bratislava, Slovakia, will be in effect for certificates issued after August 31, 2020. (Update: an official announcement of the policy change appeared on Apple’s website on March 3, 2020.)
Apple’s announcement closely follows a failed CA/B Forum vote on one-year certificates (ballot SC22), held in in August, 2019, and reflects an ongoing trend toward shorter certificate lifetimes.
As a result of Apple’s policy change, website owners should begin switching to 398-day certificates on their web servers to avoid trust errors when Mac and iOS users visit their sites. (Apple’s Safari currently has about 17% of the browser market share.)
SSL.com will continue to offer our customers certificate bundles with up to five years of coverage. For orders exceeding 397 days (or any other valid expiration date set by the customer), we issue free replacement certificates upon expiration and re-validation of site ownership throughout the duration of the certificate order. In this way, you can continue to benefit from multi-year discounting while remaining compliant with Apple’s new certificate lifetime requirements.
SSL.com currently offers a number of tools and solutions to help our customers automate and manage their certificates, whether through our certificate management portal, SSL Manager application, or RESTful API.