Apple's new compliance requirements for Private SSL certificates

Apple recently announced new security requirements for SSL/TLS certificates that will go into effect with the release of iOS 13 and macOS 10.15. These requirements affect private certificates issued after July 1, 2019.

For your public DigiCert SSL/TLS certificates, no action is required.

DigiCert public SSL/TLS certificates already meet all these security requirements. Your public SSL/TLS certificates aren't affected by these new requirements and will be trusted in iOS 13 and macOS 10.15.

What's new?

Apple is implementing additional security requirements for all SSL/TLS certificates that by design impact private SSL/TLS certificates. See Requirements for trusted certificates in iOS 13 and macOS 10.15.

DigiCert private SSL/TLS certificates meet these requirements if account administrators issue them according to public certificate requirements.

We've provided a list of the requirements below that may affect your private SSL/TLS certificates. These versions of Apple's OS are slated to be released during the fall of this year. This means you need to prepare now.

New private SSL/TLS certificate requirements:

  • Must use an algorithm from the SHA-2 family in the signature algorithm. SHA-1 signed SSL/TLS certificates are no longer trusted.
  • Must have a validity period of 825 days or fewer. SSL/TLS certificates with a validity greater than 825 days are no longer trusted.
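
One way to check a certificate against the two requirements listed above. This is an added example, not DigiCert's or Apple's code. It assumes the input is the text printed by `openssl x509 -noout -text`, treats the Not Before date as the issuance date, and reads the hash from the signature algorithm name; `parse_cert_text`, `check_cert` and the sample are hypothetical names and constructed data.

```python
import re
from datetime import datetime, timedelta

CUTOFF = datetime(2019, 7, 1)        # page: certificates issued after July 1, 2019
MAX_VALIDITY = timedelta(days=825)   # page: 825 days or fewer
SHA2 = re.compile(r"sha(224|256|384|512)", re.IGNORECASE)
DATE_FMT = "%b %d %H:%M:%S %Y GMT"   # date layout used by openssl's text output

# Constructed sample: the relevant lines of `openssl x509 -noout -text` output.
SAMPLE = """\
        Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Aug  1 00:00:00 2019 GMT
            Not After : Aug  1 00:00:00 2022 GMT
"""

def parse_cert_text(text):
    """Extract signature algorithm, Not Before and Not After from the text dump."""
    sig = re.search(r"Signature Algorithm:\s*(\S+)", text)
    start = re.search(r"Not Before\s*:\s*(.+)", text)
    end = re.search(r"Not After\s*:\s*(.+)", text)
    if not (sig and start and end):
        raise ValueError("input does not look like openssl x509 -text output")
    return (sig.group(1),
            datetime.strptime(start.group(1).strip(), DATE_FMT),
            datetime.strptime(end.group(1).strip(), DATE_FMT))

def check_cert(text):
    """Return a list of findings; an empty list means no violation was found."""
    sig_alg, not_before, not_after = parse_cert_text(text)
    # Assumption: Not Before stands in for the issuance date. Certificates
    # dated on July 1 itself are checked too, to err on the strict side.
    if not_before < CUTOFF:
        return []
    findings = []
    if not SHA2.search(sig_alg):
        # Covers SHA-1 and any name whose hash cannot be read from it.
        findings.append(f"signature algorithm {sig_alg} is not recognisably SHA-2")
    validity = not_after - not_before
    if validity > MAX_VALIDITY:
        findings.append(f"validity period {validity} exceeds 825 days")
    return findings

if __name__ == "__main__":
    for line in check_cert(SAMPLE) or ["no violations found"]:
        print(line)
```

A signature algorithm whose hash is not visible in its name is reported as a finding, so review those certificates by hand.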

What can you do?

If Apple iOS and macOS trust is required for your private SSL/TLS certificates, verify that any private SSL/TLS certificates issued after July 1, 2019 meet Apple's new requirements. If you find certificates that don't meet these requirements, you'll want to take these actions soon: