When you buy a SSL certificate – to help with the security of your website – you can choose how long you buy it for. Generally you get them for a year but it has been possible to get them for longer amounts of time.

It’s not a big, big deal to get a SSL certificate but in a large organisation it may involve a few people – marketing to know they need to order it, finance to raise a PO or similar, and potentially a developer to install it depending on your inhouse resource. So doing that once every couple of years instead of every year could save a bit of time.

However, Apple have decided that from the 1st September, their browser Safari won’t accept certificates that have a length of more than  398 days (13 months). 

Why won’t Apple accept longer SSL certificates?

When you get a SSL certificate you need to do a few things such as validate your domain and prove that you are who you say you are. For some certificates in the past I’ve actually had to have a phone call from someone issuing the certificate on a phone number they could find in the public domain (rather than one I just gave them). This all helps with the whole point of a certificate – security.

Yes, there’s always the fact that SSL certificates encrypt data whilst it’s in transit but there’s also the fact that they help verify who the website is owned and operated by. By reducing the length of certificates to 13 months, the web giants (as whilst it’s Apple making this move, Google and Mozilla have indicated it’s a change they’ll be making on their Chrome and Firefox browsers soon enough) are keeping a tighter reign on who’s creating certificates.

What happens to my existing certificate?

If you have a certificate that’s longer than 398 days already installed on your website, don’t worry. Certificates tell the browser the date they were installed and validated as well as the date they expire and Apple have said they’re not going to penalise anyone who had a certificate set up before this cut off.

So if you’ve already bought a certificate, or have a renewal pending and were hoping to get a 2 year certificate, you need to have it installed and working on your site no later than the 31st August. You will probably find though that certificate sellers are stopping selling certificates for more than 13 months from today.

If you do manage to get a longer certificate, or set one for more than 13 months up after the 31st August, your website will be marked as insecure or untrusted when a visitor views it.