CA certificates now 398 days as Apple, Google, and Mozilla insists and strong-arms the entire CA industry into one-year certificate lifespans.
Apple made a decision in the month of February and that decision has ensured Certificate Authority companies accept the default lifespan of TLS certificates to 398 days; starting September 1st, 2020.
What is th CA/B Forum
There is a group known as the CA/B Forum, this is an informal group made up of Certificate Authorities (CAs), the companies that issue TLS certificates used to support HTTPS traffic, and browser makers.
CA certificates now 398? What could go wrong?
CA certificates now 398 days in lifespan means from September 1st, 2020 browsers that you use like Safari, Google Chrome and Mozilla Firefox will show errors.
That is for TLS certificates that are new and have a lifespan longer than 398 days.
In the CA/B forum, they discuss upcoming rules until they all reach a common ground and rules are passed to members for implementation.
So what happens after SEPTEMBER 1st, 2020?
For certificate authorities: If you want the TLS certificates you issue after this date to be recognized in Apple, Google, and Mozilla browsers, the certificates must not have a lifespan that exceeds 398 days.
Anything more, the certificate will issue an error and connections will be dropped.
For website owners: You will have to renew TLS certificates yearly, instead of the usual two years or more.
For end-users: You might see more HTTPS errors in their browsers.
![\"SSL](\"https://krustylab.com/wp-content/uploads/2020/06/ssl-post-header-image-1024x102.jpg\")
Post Credit: Zdnet