Six Colors Icon Six Colors

Safari will reject long-lived HTTPS certificates starting September 1  ↦

Dan Moren writing for Six Colors:

News out of last week’s meeting of the CA/Browser Forum is that Apple has announced Safari will no longer accept HTTPS certificates older than about 13 months, as of September 1.

The rationale? Shorter certificate lifetimes are safer, for a variety of reasons. For one thing, it prevents a valid (and perhaps abandoned) certificate from being stolen or misappropriated by a bad actor, then used to trick consumers. While there is a process for revoking known bad certificates, it’s cumbersome and many browsers don’t even check the revocation lists.

This may be annoying to many of us in the short-term (our certificate here at changelog.com is a few years old), but it’s a good thing for the security of the web. Suddenly, Let’s Encrypt’s 90 day expirations look both prudent and prescient.


Discussion

Sign in or Join to comment or subscribe

Jerod Santo

Jerod Santo

Omaha, Nebraska

Jerod co-hosts The Changelog, crashes JS Party, and takes out the trash (his old code) once in awhile.

2020-02-27T15:24:45Z ago

@gerhard we should probably make the switch to Let’s Encrypt as part of our changelog-2020 infrastructure updates. What do you think?

0:00 / 0:00