You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

If I install a self-signed certificate on my iPad with a validity period of 3 years, etc., does that mean that after 398 days, the certificate becomes invalid?

I read the article "About upcoming limits on trusted certificates." (support.apple.com/en-us/HT211025)

I am planning to install a certificate for SSL forward proxy issued by Firewall on my iPad for security check.

I would like to know if the certificate is no longer valid after 398 days if I make the certificate valid for more than 398 days.

iPad Pro (5th generation)

Posted on Mar 19, 2023 10:56 PM

Similar questions

4 replies

Mar 20, 2023 6:38 AM in response to ushiko-tomato

Re-read the article.

That lifetime limit does not apply here. Specifically, due to this detail: “This change will affect only TLS server certificates issued from the Root CAs preinstalled with iOS, iPadOS, macOS, watchOS, and tvOS.” A self-signed certificate or a local (private) certificate chain does not fall under that.

As for your question, any commercial cert with a lifetime past the specified limit is rejected.

If you want a ten-year or twenty-five-year self-signed cert, at least as far as Apple platforms are concerned, have at.

If you go that way, and for ease of private root renewal, I’d read up on the certificate serial number mechanism.

Mar 20, 2023 6:06 AM in response to ushiko-tomato

It means the certificate will be considered invalid and will be rejected, entirely, initially, eventually always.

Mar 20, 2023 6:11 AM in response to MrHoffman

Thank you for your reply.

Does this mean that the certificate installed on the Apple device must be set to expire in less than 398 days?

Does it basically mean that it needs to be renewed every year?

Mar 20, 2023 7:25 AM in response to MrHoffman

Thank you so much!!!

If I install a self-signed certificate on my iPad with a validity period of 3 years, etc., does that mean that after 398 days, the certificate becomes invalid?