Safari will reject long-lived HTTPS certificates starting September 1 ↦
Dan Moren writing for Six Colors:
News out of last week’s meeting of the CA/Browser Forum is that Apple has announced Safari will no longer accept HTTPS certificates older than about 13 months, as of September 1.
The rationale? Shorter certificate lifetimes are safer, for a variety of reasons. For one thing, it prevents a valid (and perhaps abandoned) certificate from being stolen or misappropriated by a bad actor, then used to trick consumers. While there is a process for revoking known bad certificates, it’s cumbersome and many browsers don’t even check the revocation lists.
This may be annoying to many of us in the short-term (our certificate here at changelog.com is a few years old), but it’s a good thing for the security of the web. Suddenly, Let’s Encrypt’s 90 day expirations look both prudent and prescient.
Discussion
Sign in or Join to comment or subscribe
Jerod Santo
Bennington, Nebraska
Jerod co-hosts The Changelog, crashes JS Party & takes out the trash (his old code) once in awhile.
2020-02-27T15:24:45Z ago
@gerhard we should probably make the switch to Let’s Encrypt as part of our
changelog-2020
infrastructure updates. What do you think?Gerhard Lazu
UK
Keep improving
2020-02-27T16:08:45Z ago
We already did, cert-manager handles all certs in the new setup. Try https://ten.changelog.com to see what I mean 😉
Jerod Santo
Bennington, Nebraska
Jerod co-hosts The Changelog, crashes JS Party & takes out the trash (his old code) once in awhile.
2020-02-27T16:11:16Z ago
🔥🔥🔥