Apple Safari Wants To Reject HTTPS Certificates Valid For More Than 13 Months


Apple wants to put pressure on website admins and developers to make sure their certificates meet Apple's requirements.

HTTPS certificates are based on the TLS encryption standards. They exist to ensure that a user's connection to a particular website is safe and secure. Apple has announced that, starting this September 1, Safari will stop accepting HTTPS certificates that are valid for more than 13 months from their creation date.

This means that any website using a long-lived SSL/TLS certificate issued after that date with more than 398 days of validity will be rejected by Apple's browser.

In other words, Safari will show a privacy warning to visitors of those websites.

However, websites whose certificates were issued before September 1 won't be affected.

"Certificates issued prior to September 1 will have the same acceptable duration as certificates do today, which is 825 days. No action is required for these certificates."

The policy was unveiled by Apple at the 49th Certification Authority Browser Forum (CA/Browser) meeting.

At the voluntary consortium of certification authorities, Apple suggested that web developers should make sure that their certificates meet its requirements.

As the company has the ability to enforce the rules on all iOS and macOS devices, developers who don't comply risk breaking their pages on a billion-plus devices and computers.
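To check a certificate against the limits described above (398 days when issued on or after September 1, 825 days before), the following added example, which is not code from Apple or the original article, parses the `notBefore`/`notAfter` lines printed by `openssl x509 -noout -dates`. It assumes the cutoff year is 2020 (from the publication date), treats `notBefore` as the issuance date, and uses constructed sample dates.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Cutoff from the article: September 1. The year (2020) is inferred from the
# publication date, and midnight UTC is an assumption of this example.
CUTOFF = datetime(2020, 9, 1, tzinfo=timezone.utc)
MAX_NEW = timedelta(days=398)   # limit for certificates issued on/after cutoff
MAX_OLD = timedelta(days=825)   # limit quoted for earlier certificates

def parse_dates(openssl_output):
    """Read the notBefore=/notAfter= lines of `openssl x509 -noout -dates`."""
    fields = {}
    for line in openssl_output.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("notBefore", "notAfter"):
            seconds = ssl.cert_time_to_seconds(value)  # e.g. "Oct  1 00:00:00 2020 GMT"
            fields[key] = datetime.fromtimestamp(seconds, tz=timezone.utc)
    if len(fields) != 2:
        raise ValueError("expected both notBefore and notAfter lines")
    return fields["notBefore"], fields["notAfter"]

def check_lifetime(openssl_output):
    """Return the lifetime, the applicable limit and whether it is within it."""
    not_before, not_after = parse_dates(openssl_output)
    if not_after <= not_before:
        raise ValueError("notAfter must be later than notBefore")
    lifetime = not_after - not_before
    # Assumption: notBefore stands in for the issuance date.
    limit = MAX_NEW if not_before >= CUTOFF else MAX_OLD
    return {
        "lifetime_days": lifetime / timedelta(days=1),
        "limit_days": limit.days,
        "accepted": lifetime <= limit,
    }

# Constructed sample inputs (not taken from real certificates).
TWO_YEAR_NEW = "notBefore=Oct  1 00:00:00 2020 GMT\nnotAfter=Oct  1 00:00:00 2022 GMT"
TWO_YEAR_OLD = "notBefore=Aug 15 00:00:00 2020 GMT\nnotAfter=Aug 15 00:00:00 2022 GMT"
EXACT_398 = "notBefore=Oct  1 00:00:00 2020 GMT\nnotAfter=Nov  3 00:00:00 2021 GMT"

if __name__ == "__main__":
    for name, sample in [("two-year, new", TWO_YEAR_NEW),
                         ("two-year, old", TWO_YEAR_OLD),
                         ("398 days, new", EXACT_398)]:
        print(name, check_lifetime(sample))
```
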

Apple's iPhone XR visiting example.com, showing a not secure web page warning.

Earlier, certificate authorities used to issue certificates with more than five years of validity. In 2017, the maximum cap of validity was reduced to 825 days.

Cutting certificate lifetimes has also been proposed by Google, Mozilla and other members of CA/Browser for months.

The benefits include increasing browsers' abilities to improve the security of their users, by ensuring developers use certificates with the latest cryptographic standards. This can also reduce the number of old, neglected certificates that could potentially be stolen and re-used for phishing and malware attacks.

If hackers and researchers can break the cryptography in an SSL/TLS standard, short-lived certificates can ensure people migrate to more secure certificates roughly once every year.

While it has benefits, the policy also has some drawbacks.

For example, the shortened lifespan of certificates requires developers to replace their certificates frequently, making things more complicated for site owners and businesses that have to manage certificates and compliance with their own resources. The result is human overhead and an increased risk of error.

As a workaround, web developers may use automation. But critics noted that Apple’s move might increase web developers' reliance on certificate authority companies that provide auto-renewal tools, which could make personal hosting difficult.

Published: 24/02/2020