398-Day Browser Limit for SSL/TLS

As we reported back in February, publicly trusted SSL/TLS certificates issued on or after September 1, 2020 with a validity period greater than 398 days will not be trusted by Apple's Safari browser and iOS/iPadOS/watchOS/tvOS devices.

In response, at a time to be determined in August 2020, SSL.com will limit the lifespan of SSL/TLS certificates to a maximum of 397 days, as recommended by Apple. This will ensure that all certificates issued by SSL.com will continue to be trusted on Apple's devices and software.

When do I need to update my server's current SSL/TLS certificate to comply with the new 398-day limit?

If your certificate was issued before September 1, 2020, it will not be affected by Apple's policy change. However, when that certificate expires, it should be replaced with a certificate with a maximum lifespan of 397 days.

I ordered a two-year SSL/TLS certificate from SSL.com before September 1, 2020. What happens if I reprocess it after SSL.com switches to 397-day certificates?

If you reprocess a two-year certificate after we have switched over to 397-day certificates, the reissued certificate will be limited to 397 days. However, you will be credited by SSL.com for the time remaining on the order. When the reprocessed certificate expires, you can issue a new certificate to cover the time remaining on the order.

Can I still order multi-year SSL/TLS certificates from SSL.com?

Yes! SSL.com will continue to offer our customers certificate bundles with up to five years of coverage. For orders exceeding 397 days (or any other valid expiration date set by the customer), we issue free replacement certificates upon expiration and re-validation of site ownership throughout the duration of the certificate order. In this way, you can continue to benefit from multi-year discounting while remaining compliant with Apple’s new certificate lifetime requirements.

My company has a privately trusted root CA. Are privately trusted SSL/TLS certificates subject to the new 398-day limit?

No. Apple's change only extends to publicly trusted root CA certificates pre-installed on its devices, including SSL.com's roots. Root certificates installed by a user or administrator are not affected by the 398-day restriction.
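The rules above can be applied to a certificate inventory with a short script; this is an added example, not SSL.com or Apple code. It reads the `notBefore`/`notAfter` lines printed by `openssl x509 -noout -dates` and reports which validity windows fall under the limit. Assumptions: the cutoff is taken as 00:00 UTC, `notBefore` stands in for the issue date, the caller supplies whether the chain ends in a publicly trusted root, and the sample windows are constructed.

```python
import ssl
from datetime import datetime, timezone

DAY = 86400
# Limits from the article; treating the cutoff as 00:00 UTC is an assumption.
CUTOFF = datetime(2020, 9, 1, tzinfo=timezone.utc).timestamp()
APPLE_MAX = 398 * DAY        # longer than this: not trusted by Apple
RECOMMENDED_MAX = 397 * DAY  # lifetime recommended by Apple per the article

def parse_dates(text):
    """Parse the notBefore=/notAfter= lines printed by `openssl x509 -noout -dates`."""
    fields = {}
    for line in text.strip().splitlines():
        key, _, value = line.partition("=")
        fields[key.strip()] = ssl.cert_time_to_seconds(value.strip())
    return fields["notBefore"], fields["notAfter"]

def classify(text, publicly_trusted=True):
    """Return a verdict for one certificate's validity window."""
    not_before, not_after = parse_dates(text)
    if not_after <= not_before:
        raise ValueError("notAfter must be later than notBefore")
    lifetime = not_after - not_before
    if not publicly_trusted:
        return "exempt: private root"
    if not_before < CUTOFF:  # assumption: notBefore stands in for the issue date
        return "exempt: issued before cutoff"
    if lifetime > APPLE_MAX:
        return "untrusted by Apple"
    if lifetime > RECOMMENDED_MAX:
        return "trusted, over 397 days"
    return "ok"

# Constructed sample windows (not real certificates): (openssl -dates text, publicly trusted?)
SAMPLES = {
    "legacy-2yr": ("notBefore=Aug 15 00:00:00 2020 GMT\nnotAfter=Aug 15 00:00:00 2022 GMT", True),
    "new-2yr": ("notBefore=Sep  1 00:00:00 2020 GMT\nnotAfter=Sep  1 00:00:00 2022 GMT", True),
    "new-397d": ("notBefore=Sep 15 00:00:00 2020 GMT\nnotAfter=Oct 17 00:00:00 2021 GMT", True),
    "new-398d": ("notBefore=Sep 15 00:00:00 2020 GMT\nnotAfter=Oct 18 00:00:00 2021 GMT", True),
    "internal-2yr": ("notBefore=Sep  1 00:00:00 2020 GMT\nnotAfter=Sep  1 00:00:00 2022 GMT", False),
}

def audit(samples=SAMPLES):
    return {name: classify(text, public) for name, (text, public) in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:14} {verdict}")
```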

For information on renewing or reprocessing your SSL/TLS certificate, please check out these SSL.com how-tos:

If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page. You can also find answers to many common support questions in our knowledgebase. As always, thank you for choosing SSL.com!