Shaun Nichols writing for The Register:
Safari will, later this year, no longer accept new HTTPS certificates that expire more than 13 months from their creation date.
That means websites using long-life SSL/TLS certs issued after the cut-off point will throw up privacy errors in Apple’s browser.
What does this mean? At a basic level, the web will be more secure. Certificates can be stolen and misused, tricking browsers and users into thinking that a login screen is a legitimate, secure page when it is actually phishing users. And old certificates are more likely to be using outdated security methods, putting users at risk of having their logins exposed. Ultimately, the end user has very little control over a website’s HTTPS certificates, and old certificates can be a serious security risk. Apple’s refusal to accept old certificates is a benefit to the user.
Website owners have many options for free, secure, and annual encryption options, including Cloudflare and Let’s Encrypt. But an argument could be made that annual certificate renewals also mean website owners are less likely to forget to renew them. If Pizza Emoji can get an HTTPS certificate, anyone can. And everyone should.