Apple Proposes Ballot to Reduce SSL/TLS Certificate Validity From 398 Days to 45 Days
SSL/TLS certificates are the cornerstone of modern internet security: the overwhelming majority of web page loads (over 95% by browser telemetry) now go over HTTPS, so that data in transit between browser and server cannot be read or tampered with by anyone on the path.
Certificates could once be issued with validity periods of up to 8 years. A long lifetime is a liability: if the certificate's private key is leaked, the certificate remains usable for man-in-the-middle attacks until it expires, and revocation (CRL/OCSP) is checked inconsistently enough by clients that it cannot be relied on to close that window.
For these reasons, the CA/Browser Forum (the industry body of certificate authorities and browser vendors that maintains the Baseline Requirements for publicly trusted SSL/TLS certificates) has already cut the maximum validity period, in several steps, from 8 years to 398 days, so a website or service must renew its certificate at least every 398 days to keep operating.
Apple and Google both want to shorten the validity period further to improve security. Google has proposed reducing it to 90 days, while Apple proposes a more aggressive cut to just 45 days.
Apple's proposal is currently a draft ballot, likely to be put to a vote by CA/Browser Forum members in the coming months. If it passes, newly issued certificates would be capped at 45 days, and Apple's root program, on which Safari relies, would accept nothing longer.
Other browsers, such as Google Chrome, may follow suit, moving the whole ecosystem to 45-day certificates. That would indeed improve security, but it could also burden complex enterprise systems.
Why Reducing to 45 Days Could Cause Issues:
Although plenty of tooling exists for automated certificate renewal (ACME clients, for example), not every website or enterprise can easily deploy it, and rolling a new certificate into load balancers, hardware appliances, or software that embeds or pins the certificate can be troublesome for complex systems.
Hundreds of system administrators on Reddit have complained about Apple's proposal, since the extra work created by shorter certificate lifetimes would fall on them, especially those managing many websites without automated renewal.
The position of the certificate authorities (CAs) that issue the certificates is so far unclear. As a browser and root-program operator, Apple effectively has leverage over them: even if Apple enforced the limit unilaterally, CAs would have to comply, or their certificates would no longer be trusted by Safari.
Apple's proposed timeline is as follows:
- After September 2025: Reduce the validity of all newly issued SSL/TLS digital certificates to 200 days.
- After September 2026: Reduce the validity of all newly issued SSL/TLS digital certificates to 100 days.
- After April 2027: Reduce the validity of all newly issued SSL/TLS digital certificates to 45 days.
- After September 2027: Reduce the period for which a Domain Control Validation (DCV) result may be reused to 10 days.
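The practical question the renewal discussion above raises is which certificates in an inventory would break under each phase of this schedule, and how early an automated renewer must act. The script below is an added example, not part of the article or of any vendor's tooling: it takes the two lines that `openssl x509 -in cert.pem -noout -dates` prints, computes each certificate's validity in days, looks up the cap the proposed schedule would apply to a certificate issued on that date, and derives a renewal date. The effective dates (first of the stated month), the renewal point (two thirds of the lifetime, mirroring the common ACME-client habit of renewing a 90-day certificate with 30 days left), and the hostnames and dates in the sample inventory are all assumptions or constructed data.

```python
"""Audit certificate lifetimes against a phased validity cap.

Added example, not part of the original article. Input is the output of
`openssl x509 -noout -dates`; the phase-in dates, the renewal fraction and
the sample inventory are assumed/constructed, not taken from any vendor.
"""
from datetime import datetime, timezone

UTC = timezone.utc

# Proposed phase-in as listed in the article, newest first. The article
# gives only month and year, so the first of that month is assumed.
SCHEDULE = [
    (datetime(2027, 4, 1, tzinfo=UTC), 45),
    (datetime(2026, 9, 1, tzinfo=UTC), 100),
    (datetime(2025, 9, 1, tzinfo=UTC), 200),
]
CURRENT_CAP = 398  # today's Baseline Requirements limit

OPENSSL_FMT = "%b %d %H:%M:%S %Y"  # "Oct 10 00:00:00 2024" once " GMT" is stripped


def parse_openssl_dates(text):
    """Return (not_before, not_after) as aware UTC datetimes.

    `text` holds lines such as
        notBefore=Oct 10 00:00:00 2024 GMT
        notAfter=Nov 12 00:00:00 2025 GMT
    OpenSSL always prints GMT and space-pads single-digit days ("May  5").
    """
    found = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("notBefore", "notAfter"):
            if not value.endswith(" GMT"):
                raise ValueError(f"unexpected timezone in {line!r}")
            stamp = datetime.strptime(value[: -len(" GMT")], OPENSSL_FMT)
            found[key] = stamp.replace(tzinfo=UTC)
    if set(found) != {"notBefore", "notAfter"}:
        raise ValueError("need both notBefore= and notAfter= lines")
    return found["notBefore"], found["notAfter"]


def cap_for(issued_at):
    """Maximum validity in days for a certificate issued at `issued_at`."""
    for effective_from, days in SCHEDULE:
        if issued_at >= effective_from:
            return days
    return CURRENT_CAP


def audit(host, dates_text, renew_fraction=2 / 3):
    """Describe one certificate's standing under the phased schedule."""
    not_before, not_after = parse_openssl_dates(dates_text)
    lifetime = not_after - not_before
    cap = cap_for(not_before)
    return {
        "host": host,
        "validity_days": lifetime.days,
        "cap_days": cap,
        "exceeds_cap": lifetime.days > cap,
        # Assumed renewal policy: act once renew_fraction of the lifetime has elapsed.
        "renew_on": (not_before + lifetime * renew_fraction).date().isoformat(),
    }


# Constructed sample inventory: `openssl x509 -noout -dates` output per host.
SAMPLES = {
    "legacy.example.com": "notBefore=Oct 10 00:00:00 2024 GMT\nnotAfter=Nov 12 00:00:00 2025 GMT\n",
    "acme.example.com": "notBefore=Sep 15 12:00:00 2026 GMT\nnotAfter=Dec 14 12:00:00 2026 GMT\n",
    "stale.example.com": "notBefore=May  5 00:00:00 2027 GMT\nnotAfter=Aug  3 00:00:00 2027 GMT\n",
    "short.example.com": "notBefore=May 10 00:00:00 2027 GMT\nnotAfter=Jun 24 00:00:00 2027 GMT\n",
}


def run_audit(samples=SAMPLES):
    """Audit every host and return the results, certificates over the cap first."""
    rows = [audit(host, text) for host, text in samples.items()]
    return sorted(rows, key=lambda r: (not r["exceeds_cap"], r["host"]))


if __name__ == "__main__":
    for r in run_audit():
        flag = "EXCEEDS CAP" if r["exceeds_cap"] else "ok"
        print(f"{r['host']:<22} {r['validity_days']:>4}d  cap {r['cap_days']:>3}d  "
              f"renew by {r['renew_on']}  {flag}")
```

In the sample data, the 90-day certificate issued in September 2026 still fits under the 100-day phase, but the same 90-day certificate issued after April 2027 is flagged, and a compliant 45-day certificate has to be renewed after 30 days. Pointing `run_audit` at real output is a quick way to find the hosts whose renewal process has to change before each phase-in date.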