At the 49th Certification Authority Browser Forum (CA/Browser) meeting, Apple announced that websites with SSL/TLS certificates valid for longer than 398 days, or roughly 13 months, will not be trusted by its Safari browser.
This policy will be enforced on certifications issued on or after September 1, 2020, and signifies a shift by Apple to demand shorter validation periods for SSL certificates. This is no small policy alteration, as it affects any website viewed on the Safari browser, as well as all iOS and macOS devices.
As companies make plans to comply with Apple’s new protocols, ecommerce sites must pay close attention. The SSL certificate change will have a significant impact on their business.
What is an SSL Certificate?
When a website viewed in a browser has an SSL, or Secure Sockets Layer, Certificate (used synonymously with TLS certificates), it shows that the site’s identity has been authenticated and the site has been verified as secure. It is signified with an “https.”
Forbes describes the importance of SSL certificates, noting, “Having an SSL ensures that the sensitive data of your website’s visitors will be transferred over a secure network.”
Because a website’s main objective is to send data to a web browser so it can be seen by the masses, it’s pretty easy to see why an SSL certificate which ensures a secure transfer is a necessity.
Benefits and Drawbacks of Shorter Duration SSL Certificates
Why is this announcement causing such a stir? Well, the current acceptable SSL certificate verification length is 825 days. This move by Apple cuts that timeframe by more than half.
So, many companies, including notable names like Microsoft and GitHub who favour a two-year certificate, will need to alter their certificate renewal strategy. Looking at the move strictly from a security perspective, however, the change makes sense.
As TechRadar points out, “The main goal of the policy is to help improve website security by ensuring that developers use certificates with the latest cryptographic standards while also reducing the number of old certificates that could potentially be stolen and re-used by cybercriminals launching phishing campaigns or malware attacks.”
With the new SSL policy, Apple is hoping users will feel more secure and comfortable using Safari.
Advantages of SSL Certificates for Ecommerce Companies
How does Apple’s announcement impact ecommerce companies specifically?
Well, as Know Techie explains, ecommerce companies need sites with strong data security because they are, “one of the platforms that receive a lot of traffic containing sensitive user information like credit card details, addresses, social security numbers, passwords, and more.”
There are three significant advantages for ecommerce sites with SSL Certificates:
- Security – SSL encryption ensures that all the sensitive data that passes through an ecommerce site is secure.
- Rankings – Google announced that it would give preferential rankings to sites that start with HTTPS. For companies like ecommerce sites that rely on traffic to fuel their revenue, rankings are hugely important.
- Trust – When customers don’t trust a site to be secure, they won’t make a purchase. For ecommerce sites, one of the major hurdles to an online sale is building a base level of trust with potential customers. The HTTPS in the domain will ease customers’ minds that they can shop with confidence.
What Are the Next Steps?
For Ecommerce companies looking to maintain the advantages that come with having an up-to-date SSL certificate, Apple’s announcement is worthy of notice. However, it doesn’t necessarily have to be a cause for concern.
If you need guidance on your SSL certification status and a plan for how to deal with future certificate validation, contact your Pivotree account manager, and we’ll be happy to ensure you’re all set for September.