(DC) Certificate Validation limited to 1-year after 9/1/2020
Description
Apple and Google joined forces to reject any certificate generated after September 1, 2020 that has a validation beyond 13 months or 398 days.
The issues going forward are the same that are found in the “The Register” article:
Shortening the lifespan of certificates does come with some drawbacks. It has been noted that by increasing the frequency of certificate replacements, Apple and others are also making life a little more complicated for site owners and businesses that have to manage the certificates and compliance.
"Companies need to look to automation to assist with certificate deployment, renewal, and lifecycle management to reduce human overhead and the risk of error as the frequency of certificate replacement increase," Callan told us.
We need to step our game in working on automation routines that we put together.
Event Timeline
Apr 22, 2020
Jul 15, 2020 Received the following from Sectigo
INDUSTRY MANDATED CHANGE
COUNTDOWN TO ONE-YEAR CERTIFICATES: 34 DAYS
Starting Wednesday, August 19, 2020, Sectigo will no longer be able to offer two-year public TLS certificates due to an industry-wide requirement set by Apple and Google, stating that any two-year TLS certificate issued after August 30, 2020 will be distrusted in their browsers.
Any two-year TLS certificate issued before 12:00am UTC on August 19, 2020 will be valid for two-years (up to 825 days). Beginning August 19, 2020, Sectigo will only be issuing one-year (up to 398 days) TLS certificates.
This only applies to public TLS certificates. Private-root and other types of certificates (e.g. Code Signing Certificates, S/MIME certificates, etc.) will be unaffected and will have the same maximum validity that they have today.
In preparation for this upcoming industry-wide change, we have prepared a few resources for our customers and partners.
Root Causes Podcast: Apple to Drop Support for Two-year SSL Certificates
In addition, Sectigo offers Subscription SSL bundles for our partners and direct customers who purchase certificates through our websites. Subscription SSL does not apply to customers using our certificate management solutions. To learn more about Subscription SSL, click here.
Contact us if you have any questions about how these changes may impact your business.