In an effort to improve web security, Apple’s Safari browser will only accept HTTPS security certificates that expire in 398 days or less.
The move has been considered by Apple, Google and others for some time. The hope is that by rejecting older security certificates, it will force website administrators to keep their certificates updated with the latest cryptographic technology, as opposed to using older, less secure certificates. It will also help reduce the impact of a certificate that may have been compromised, unbeknownst to the admin.
The move is not without its challenges, however, as it will create more work for site admins. However, that extra work to keep things current is precisely what will help make the whole system more secure, keeping security forefront in the minds and workflows of admins.
In a post about Apple’s move, Dean Coclin, DigiCert’s Senior Director of Business Development, voiced agreement with the change.
“DigiCert agrees that shorter lifetimes help enhance the security of the ecosystem and has the tools necessary to help our customers automate the certificate lifecycle process,” writes Coclin. “We support short-lived certificates, with lifetimes as short as a few hours for customers with advanced automation capabilities.”