A big announcement came out on SSL Certificate validity at the face-to-face meeting of the CA/Browser Forum (CA/B Forum) at Bratislava, Slovakia which was held on 19th February. CA/B Forum is the industry standards group which consists of Certificate Authority (CA) and several of the major browsers.
The announcement stated that starting from 1st September 2020 Apple’s Safari browser will trust an SSL/TLS Certificate with the validity of not more than 398 days (which is equivalent to a one-year certificate plus a renewal grace period).
There isn’t any formal posting from Apple about the announcement. But some of the leading Certificate Authority (CA) like DigiCert, Sectigo posted this news on their blog and social sites.
This news is not very much surprising as back in August 2019, CA/B Forum Ballot SC22 was introduced by Google to reduce the SSL Certificate validity period to one year. But the ballot failed in the Forum, which meant certificate maximum lifetimes remained at two years.
So, why did Apple go for shorter SSL Certificate validity and what all things a website owner or resellers must keep in mind?
Feel free to jump to any section that interests you:
Apple’s spokesperson said that they decided to enforce a shorter certificate lifetime in order to protect users. Apple clearly wants to avoid an ecosystem that can’t be quickly responded to major certificate related threats.
Shorter certificate validity improves security as it reduces the window of exposure in case any SSL/TLS been compromised. It also helps in correcting normal operational churn within the organizations by ensuring yearly updates to identity like company names, addresses, and active domains. Short certificate validity also ensures that a new key will be generated regularly, which will help in keeping websites more secure.
It is necessary that the certificate users must implement these changes, in order to improve the security of the website with shorter certificate validity.
Any SSL/TLS Certificate which is been issued before 1st September 2020 won’t be affected by this change. They will be valid (subject to any unrelated SSL Certificate revocations) for the entire period for which they were issued i.e. 1 or 2 years and don’t need to make any modification or replacement.
But in case of any SSL/TLS Certificate which will be issued on or after 1st September 2020, will have to renew it every year to remain trusted by Apple’s Safari browser.
This means you will have to streamline and improve the existing certificate management practices. Whereas for big organizations, you must use a reliable certificate management solution.
Re-seller can issue a two-year SSL certificate to their customer till 31st August 2020. After the 1st Sept 2020 re-seller needs to issue a one-year SSL to make sure it remains valid in the Safari browser. If any two-year SSL certificate is issued then the re-seller must make sure that it should be re-issued after one-year.
Having discussed Apple’s stand to increase the SSL certificate security by reducing the certificate validity. There are other benefits to buy SSL cert for 2 years.
1. You get more price discount for 2 years contract
2. Less headache of renewing SSL certificate
3. No technicalities for SSL installation for straight 2 years.
4. Completely free technical support assistance for 2 years.
5. No price fluctuation until the validity of your contract.
6. & many more…..
The news to shorten the SSL certificate validity wasn’t a shocker as it was excepted to come in the near future. Earlier also three years of certificate validity had brought down to two years and now we may be heading for one year.
Website owners and a re-seller don’t have to worry about it. There is not going to be a long or tedious process to follow, it is going to be as easy as a cert renewal process. With https.in being your SSL certificate provider you will have the flexibility to renew SSL certificates with few clicks.
Time to say bye-bye to the two-year certificate validity. Gradually, other browsers may also start work towards lessening the certificate validity.
Still worried about the shorter cert validity and how you can streamline your business processes? Talk to us…