Apple Plans to Boost Safari Security for Sites Using HTTPS Starting September 1
Apple is working to enhance Safari security by enforcing a tighter certificate policy using the HTTPS protocol. The company will implement the changes starting September 1 in order to boost security. If you're not familiar, HTTPS is a secure version of the web protocol HTTP. What this means is that the two-way communication between the user and the server is encrypted.
Apple Is Enhancing Safari's HTTPS Certificate Validity for Improved Security
HTTPS is a significant intermediary that protects from any attacks. For instance, anyone creating a fake WiFi hotspot and then capturing the entire traffic going through it. With the standard HTTP protocol, all content and user data, which includes usernames and passwords, will appear as plain text. With HTTPS, everything will be encrypted. This resists eavesdropping on user data, whereby protecting their privacy.
The company announced the changes at the 49th CA/Browser Forum last week. TNW reports that Apple's Safari browser will begin rejecting HTTPS certificate valid for more than thirteen months and the change will be implemented on September 1 of this year.
Any certificate issued after September 1, with more than 398 days of validity, will be rejected by Apple‘s browser. That means, when you visit a site with such a certificate, you’ll see a privacy warning. However, as a developer, if your website’s certificate was issued prior to September 1, you won’t be affected.
Since a lot of companies get their hands on a two-year certificate, so it will be interesting to see the transition. Take note that Apple's Safari changes will not affect websites which have been issued a certificate before September 1, 2020. Safari will stop loading any websites if the criteria of certificates are not met. Ultimately, end-users will experience enhanced security and keep their data private against potential threats.
What do you think about Apple's Safari changes coming this year? Let us know in the comments.