
Apple previously proposed to the CA/Browser Forum—an industry consortium overseeing the management of SSL/TLS certificates—that the validity period for all certificates be reduced to just 45 days. The rationale offered by Apple was straightforward: shorter validity windows would limit the utility of compromised certificates, ensuring that even if a certificate were leaked, it would quickly expire and become useless to attackers.
Historically, SSL/TLS certificates could remain valid for up to eight years. However, after multiple revisions, the current maximum validity has already been reduced to 398 days—just over 13 months. This means developers and organizations must renew their digital certificates approximately once every year.
Apple’s proposal, designated as SC-081v3, has now received formal approval from the relevant governing bodies. In essence, the final decision will bring the certificate validity down to 47 days through a phased rollout process, gradually shortening the lifespan over the coming years.
The proposal passed with majority support. The vote breakdown is as follows:
Certificate Authorities and Related Organizations:
- In favor: 25
- Against: 0
- Abstentions: 5
Certificate Consumers (i.e., major browser vendors):
- In favor: 4
- Against: 0
- Abstentions: 0
The term “certificate consumers” refers to the four dominant browser vendors (Apple, Google, Mozilla Foundation, and Microsoft), all of which endorsed the reduction in certificate lifespans. With this unanimous vote, combined with the approval of the certificate authorities, Apple’s proposal is now effectively adopted, albeit with slight adjustments to the implementation timeline.
Phased Implementation Timeline:
- Until March 14, 2026: Maximum validity remains 398 days
- Until March 14, 2027: Validity shortened to 200 days
- Until March 14, 2028: Validity shortened to 100 days
- From March 15, 2028 onward: Maximum validity reduced to 47 days
Challenges for Enterprises:
While many tools now exist to automate SSL/TLS certificate renewal, not all websites or enterprises can seamlessly implement such automation. In environments with complex systems, even replacing a certificate can be a cumbersome task.
On Reddit, hundreds of system administrators voiced concern over Apple’s proposal, pointing out that the brunt of the increased operational burden would fall on them. For administrators managing multiple domains, the shortened certificate lifespan could dramatically increase their workload—particularly if automation is not an option.