Browser vendors and other parties have been trying for some time to get the maximum lifetime of HTTPS encryption certificates reduced in an attempt to increase security. After a couple of failed attempts to reduce certificate lifetime to one year via the Certificate Authority/Browser (CA/B) Forum, Apple has decided to enforce this change unilaterally. From the 1st of September 2020, Apple will no longer recognise any new certificates with a lifetime above 398 days.
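As an added example (not code from the original post or from Apple), the sketch below audits a certificate inventory against the rule described above, using the `notBefore`/`notAfter` strings that Python's `ssl.SSLSocket.getpeercert()` returns. It assumes the cutoff is 1 September 2020 00:00:00 UTC and counts validity conservatively (both endpoints included, 86,400-second days, any partial day rounded up); a client may count differently, and the hostnames and dates are constructed.

```python
import ssl
from calendar import timegm

DAY = 86_400                             # seconds per day
MAX_DAYS = 398                           # limit stated in the post
CUTOFF = timegm((2020, 9, 1, 0, 0, 0))   # assumption: 1 Sep 2020 00:00:00 UTC


def validity_days(not_before, not_after):
    """Whole days of validity; both endpoints count, a partial day rounds up."""
    start = ssl.cert_time_to_seconds(not_before)
    end = ssl.cert_time_to_seconds(not_after)
    if end < start:
        raise ValueError("notAfter precedes notBefore")
    return -(-(end - start + 1) // DAY)  # ceiling division


def assess(not_before, not_after):
    """Return 'exempt' (issued before the cutoff), 'ok' or 'over_limit'."""
    days = validity_days(not_before, not_after)
    if ssl.cert_time_to_seconds(not_before) < CUTOFF:
        return "exempt"                  # the rule only covers new certificates
    return "over_limit" if days > MAX_DAYS else "ok"


# Constructed inventory: (hypothetical host, notBefore, notAfter)
INVENTORY = [
    ("legacy.example.test", "Aug 31 23:59:59 2020 GMT", "Nov 30 23:59:59 2022 GMT"),
    ("edge-ok.example.test", "Sep  1 00:00:00 2020 GMT", "Oct  3 23:59:59 2021 GMT"),
    ("edge-bad.example.test", "Sep  1 00:00:00 2020 GMT", "Oct  4 00:00:00 2021 GMT"),
    ("two-year.example.test", "Oct 15 12:00:00 2020 GMT", "Oct 15 12:00:00 2022 GMT"),
]


def audit(inventory):
    """Return (host, verdict, days) for every certificate in the inventory."""
    return [(host, assess(nb, na), validity_days(nb, na))
            for host, nb, na in inventory]


if __name__ == "__main__":
    for host, verdict, days in audit(INVENTORY):
        print(f"{host:24} {days:4d} days  {verdict}")
```

The two `edge-*` entries differ by one second in `notAfter`, which is enough to move a certificate from 398 to 399 counted days under this conservative counting.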
There have been a number of driving forces for this change, and browser vendors have been requesting a maximum lifetime of one year since 2017. The fundamental ones include reducing the risks inherent in the certificate revocation process, allowing clients and servers to remove support for legacy certificate features, and helping to ensure private key rotation. There has also been a drive in recent years to automate more of the Public Key Infrastructure (PKI), which we will talk about in more detail later in this post.