Apple is becoming increasingly rigid in the face of the vulnerability of its devices to being attacked and being able to extract information from its users. It is clear that one of the gateways to cyberattacks is Safari, the browser built into macOS.
The company has just announced that it reduces the acceptance time for the validity of a secure HTTPS certificate from 2 years to 13 months. Anything for our safety is good news.
Apple places a limit of almost 400 days on the duration of validity of an HTTPS certificate, hoping to strengthen security when browsing the Internet. Starting September 1, safari will reject any website hosting an HTTPS certificate that is more than 398 days old. Certificates issued before September 1 will not be subject to change until the date of your next certificate renewal.
It is a good decision. HTTPS certificates are intended to ensure that the connection to that website is secure. If you visit a website with a rejected certificate, Safari shows you a security warning.
For the average user, this change ensures that you can only access with secure websites that have the latest encryption and security standards. Keeping up-to-date in this regard is very important to provide user security, especially financial or health websites, for example.
The announcement by Apple took place at 49 Forum CA / Browser, a voluntary consortium of certification authorities, as published The Next Web. In the past, certification authorities routinely issued HTTPS certificates valid for 5 years. In 2017, this time was reduced to just over 2 years. As of September 1, Apple reduces the acceptance time to 13 months. It is certainly good news.