Security News > 2020 > February > Apple chops Safari’s TLS certificate validity down to one year

Apple chops Safari’s TLS certificate validity down to one year
2020-02-24 11:42

That browser makers were voted down might explain why Apple has decided to enforce the change unilaterally, apparently against the wishes of the Certificate Authorities which issue certificates as a business.

The browser makers are adamant that reducing validity is good for security because it reduces the time period in which compromised or bogus certificates can be exploited.

Assuming CAs don't stop selling the old two-year certificates, Safari users visiting a site on which one was issued will see off-putting 'website not secure' warning messages.

If certificates are a security risk, why not move to even shorter renewal time periods that reduce the window of opportunity?

With increasing automation and adjusted business models that reduce the financial burden, it's possible that even one year might one day sound like a long time for a certificate to remain valid.


News URL

https://nakedsecurity.sophos.com/2020/02/24/apple-chops-safaris-tls-certificate-validity-down-to-one-year/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 68 212 1433 2208 257 4110