• Menu
  • Select language

Clara Edberg — 01/04/20

New rules for SSL certificates increase security!

In February, Apple announced that they will be implementing a new SSL certificate regulation in their Safari web browser. Certificates must have a short lifespan, in this case 398 days, to be considered valid. This change places higher demands on you as a customer – never before has it been as important to have a centralized and well functioning management of both SSL certificates and domain names. At Dotkeeper, we are pros at this.

Why has Apple decided to shorten the lifespan of SSL certificates from 825 days to 398 days?

Currently, until September 1, there is a max limit of 825 days for SSL certificates, which will be changed to 398 days. An Apple spokesperson says that the decision is based on user security. Some years ago, there were SSL certificates that were valid for up to three years, something that has since changed to two years. Apple means that SSL certificates that are valid for longer than one year cannot be considered secure. Short-lived certificates increase security because they decrease the exposure window in case something was to happen, for example security issues, during the certificate’s validity period. Then, the problem can only continue until the validity period has passed and it is time for a renewal. That means that a certificate with a one-year validity adds to increased security both for you, the website owner, and your users.

Further, Apple also means that the operation of ensuring organizational updates such as company names, addresses, and active domains, is improved if it is done once a year in connection to the SSL renewal.

Having to renew the SSL certificates yearly places higher demands on the person responsible for the domain names, SSL certificates, and the company’s digital assets. A piece of advice to companies and organizations whose domain portfolios require secure and proactive management is to outsource this type of work. This is something we at Dotkeeper can help you with. We have a competent and effective support that will help you streamline this type of work.


What are the practical implications?

What will happen is that on September 1 this year, Apple will consider all certificates with a validity period over one year (technically it is 398 days) to be invalid.

So, after September 1, if you purchase and install a certificate with a two-year validity period, everything will work just fine until someone uses the Safari web browser to enter your homepage. Safari will tell the user/indicate that the page is not secure. In Chrome, Firefox, and other web browsers, everything will be as usual. At least for now. It is not improbable that Google and other web browser actors will follow in Apple’s footsteps.


What do you need to keep in mind?

As mentioned above, this change means that higher demands are placed on the person in charge for these parts at your company. Transferring this responsibility to Dotkeeper minimizes the risks and increases your security with regards to business-critical SSL certificates and domain names. We will help you centralize and manage all of your digital assets in one place! Get in touch at hello@dotkeeper.com or contact your client manager for more information.


Source: https://www.digicert.com/position-on-1-year-certificates/