Configure Private SSL certificate products

Configure private SSL certificate products to automatically meet Apple's updated security policy requirements

Apple is implementing additional security requirements for all SSL/TLS certificates that by design impact private SSL/TLS certificates. See Apple's new compliance requirements for Private SSL certificates.

If Apple iOS and macOS trust is required for your private SSL/TLS certificates, you'll want to make sure your newly issued private TLS/SSL certificates meet the new requirements automatically.

  • Signed with an algorithm from the SHA-2 family (e.g., SHA256).
  • Have a validity period of 825 days or fewer.

Configure private SSL certificate product settings

We recommend configuring your private TLS certificate products settings at the account level. This helps prevent someone in your account from issuing a private SSL certificate not trusted by Apple's iOS 13 and macOS 10.15.

  1. In your CertCentral account, in the sidebar menu, click Settings > Product Settings.

  1. On the Product Settings page, uncheck Configure products by role.

  1. For accounts with multiple divisions, in the For dropdown, select the top-level division.

  1. In the Product column, select Private SSL.

  1. In the Product Settings column, in the Private SSL settings, in the Allowed Validity Periods box, select one or both of these validity periods:

    • 2 Years
    • 1 Year
  1. In the Allowed Signature Hashes box, select one or more of these signature hashes:

    • SHA-256
    • SHA-384
    • SHA-512
  1. Repeat these steps for each private SSL certificate product enabled for your account (e.g., Private Multi-Domain SSL).

What's next

The next time an account user orders a Private SSL certificate, they will only see the selected validity period options and selected signature hash options on the order form.