Save over 40% when you secure your tickets today to TNW Conference 💥 Prices will increase on November 22 →

This article was published on February 24, 2020

Safari will soon reject any HTTPS certificate valid for more than 13 months


Safari will soon reject any HTTPS certificate valid for more than 13 months

Last week, at the 49th CA/Browser Forum, a voluntary consortium of certification authorities, Apple announced that it’ll stop allowing HTTPS certificates on Safari with more than 13 months of validity, later this year.

HTTPS certificates, based on the latest TLS encryption standards, ensure that your connection to a particular website is safe and secure.

Any certificate issued after September 1, with more than 398 days of validity, will be rejected by Apple’s browser. That means, when you visit a site with such a certificate, you’ll see a privacy warning. However, as a developer, if your website’s certificate was issued prior to September 1, you won’t be affected.

[Read — Pardon the Intrusion #11: No more passwords]

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

As the Register noted, sites like GitHub and Microsoft have certificates with two-year validity. Under Apple’s new rule, these sites will be rejected if these companies will get another two-year certificate after August.

Earlier, certificate authorities used to issue certificates with more than five years of validity. In 2017, the maximum cap of validity was reduced to 825 days.

For end-users, this means that the sites you’re visiting have the latest encryption and security standards to keep your data private.

Michal Špaček, a security developer, noted on his blog that often browsers omit online certification checks in order to speed up a site’s loading time. So, capping a certificate’s validity is a good move.

For developers and site owners, this move may increase the workload of managing certificates. Some third-party certificate authorities such as Let’s Encrypt provide certificates with auto-renewal tools. However, critics noted that Apple’s move might increase reliance on such companies and make personal hosting difficult.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with


Published
Back to top