Security News > 2020 > June > Remember when we warned in February Apple will crack down on long-life HTTPS certs? It's happening: Chrome, Firefox ready to join in, too

Remember when we warned in February Apple will crack down on long-life HTTPS certs? It's happening: Chrome, Firefox ready to join in, too
2020-06-30 03:57

From September 1, Apple software, from Safari to macOS to iOS, will reject new HTTPS and other SSL/TLS certificates that are valid for more than 398 days, plus or minus some caveats.

"Connections to TLS servers violating these new requirements will fail," Apple warned in its official note.

For developers and site admins, that means if you're creating or renewing certs after September 1, make sure they expire within that time limit, or they won't work as you expect in Safari, on iOS, and with other Apple software.

Apple reckons this policy ensures websites and apps refresh their certs once a year, thus encouraging them to use the latest cryptographic standards, and ensures stolen certs cannot be used for long-running phishing campaigns and other shenanigans as they'll expire soon enough.

After those proposals were shot down in a vote, Apple went ahead anyway with a one-year-max policy and bypassed the industry forum, a move backed by the Chromium team.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/06/30/tls_cert_lifespan/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 68 212 1433 2208 257 4110