Apple is reportedly planning to stop trusting SSL certs that issued after Sept. 1, 2020, that are valid for more than 398 days.
Apple announced their unilateral decision at a face-to-face meeting of the CA/Browser Forum (CA/B Forum) on Feb. 19, which is the industry standards group that consists primarily of certificate authorities and several of the major browsers.
While there’s been no formal posting anywhere that we’ve found by Apple about this change, we were able to verify this information with some of our CA partners who were in the meeting. The good news is that this change doesn’t really come as a surprise, and the SSL industry is ready for it — so there won’t be any major impacts to customers or service providers.
The intent is apparently to prevent situations like the SHA-1 debacle where certs that utilized SHA-1 continued to be widely deployed long after that hash function was known to have serious flaws. NIST deprecated SHA-1 in 2011, but major browsers waited until 2017 to disallow SHA-1 certs.