At the beginning of the year, Apple announced that its Safari web browser would reject websites whose SSL certificate was valid for more than 13 months. Now with everything that has been going on this year, you would be forgiven for forgetting about this (or let's be honest, not even hearing about it until now) and feeling the sudden pit in your stomach, wondering if your website will start being blocked on certain devices.
The move proposed by the tech giant is part of their plan to ensure that the websites viewed on their browser are following the most up to date cryptographic standards, to help raise the bar of website security. The idea is that the more frequently your SSL certificate is renewed (within reason), the more likely it is to have the most up to date defences in place to protect user data. In comparison, an SSL that only gets updated once a year is more likely to have security risks. This is a move that was initially suggested by Google in 2019 but was voted down in the CA/B Forum (a voluntary group that is made up of SSL certificate providers, companies that develop web browsers, etc).
It is highly likely that proposals such as this will shortly be seen across more browsers, and is merely the first move in the newest push to improve website standards.
So in practice what will this mean for website owners? Well, Apple has stated that all websites with an SSL certificate that is valid for more than 13 months will crash on all Apple devices that use Safari as a browser. This could be a huge issue for website visibility as Safari is the second most used browser (behind Google Chrome in the first position), with 33.22% of users using Safari on both desktop and mobile. Potentially 1/3 of users will not be able to view websites with these long term SSL certificates. Not only could this affect your customers being able to visit your website, but in the long run could even start to drag your search engine ranking down!
The upside? This new rule will only affect new SSL certificates purchased for websites from 1st September, so if you currently have a long term SSL certificate we encourage you to switch to a shorter-term SSL certificate when yours runs out.
Website security is important to us at WebBoss Websites. We pride ourselves on using the ISO 27001:2015 accredited WebBoss.io platform for all of our websites. Which allows us to bring complex security industry measures to your website at no extra cost. This includes short term SSL certificates as standard, for all websites. Our SSL certificates are auto-renewed after 90 days, meaning that you will always have the most up to date protection for your website and gives you one less thing to worry about.
Not, a WebBoss Websites customer? Contact us today to see how we can help to create your ideal website.