Starting September 1st, Apple's Safari browser will no longer trust SSL / TLS site certificates with a validity of more than 398 days. (This is the equivalent of a one-year certificate plus the renewal grace period). Other types of SSL / TLS certificates, including intermediate and root certificates, will not be affected.
SSL / TLS certificates issued before September 1st, 2020 are not affected by this change. They will remain valid (except for revocation or any other circumstance) for the entire two-year period and will not need to be modified or replaced. All certificates issued from September 1st onwards will need to be renewed annually for Safari to continue trusting them.
Apple announced its unilateral decision at a CA / Browser Forum (CA / B Forum) meeting on February 19th, which is the industry standards group composed primarily of certificate authorities and major browsers.
The theory is that by requiring SSL / TLS certificates to be renewed more frequently, security updates made to certificates are also applied more quickly. It also theoretically makes websites more secure by ensuring that new keys are generated regularly.
SSL / TLS site certificates used to have a maximum validity of five years (for domain and organization validated certificates). However, a compromise was eventually reached that led to the certificate validity being reduced to a maximum of three years and then limited to two years.
Last year, Google's representative to the CA/Browser Forum presented a motion to limit certificate validity to one year, a motion that was rejected. Notwithstanding this, Apple, which is part of the CA/Browser Forum, unilaterally decided to apply that rule. Safari is one of the leading web browsers on the Internet, as shown in the chart below.
Image courtesy of Statcounter: https://gs.statcounter.com/browser-market-share/all/argentina