If Apple has its way, TLS certificates will be valid for a maximum of 45 days instead of the current 398 days, according to a proposal from the company. The reduction should take place between September 2025 and September 2027, with the validity period shortened in phases. Initially the maximum will be 200 days, starting in September 2025, followed by one hundred days a year later. From September 2027, certificates may only be valid for 45 days.
An Apple employee made the proposal during consultations at the Certification Authority Browser Forum (CA/B Forum) on October 9th. The CA/Browser Forum is a consortium of certificate authorities and developers of browsers, operating systems and other PKI applications that develops rules for certificates and certificate authorities. A few years ago, the consortium decided to reduce the validity of certificates to 398 days.
According to advocates of a shorter lifespan for certificates, this brings all sorts of security advantages. If there are problems with issued certificates, they will expire much sooner than is currently the case. Opponents argue that the shorter lifetime causes all kinds of problems, especially when it’s not possible to automatically replace certificates. Apple’s plans generated hundreds of comments on Hacker News and on Reddit. The CA/B Forum will likely vote on the proposal in the coming months.
See the original post at: CisoAdvisor