SSL Certificate Validity Limits (47 Days by 2029) and Internal CAs

Question

Level 1

4 points

SSL Certificate Validity Limits (47 Days by 2029) and Internal CAs

Hello Apple Discussions Community,

I’ve come across information suggesting that the maximum validity period for publicly trusted SSL/TLS certificates will be reduced as follows:

200 days starting in 2026
90 days starting in 2027
47 days starting in 2029

Apple’s KB article (https://support.apple.com/en-us/102028) confirms that the current 398-day limit applies only to certificates issued by preinstalled Root CAs, explicitly excluding internal or manually trusted CAs.

Can anyone confirm whether:

The proposed reductions to 200, 90, and 47 days are officially planned or discussed for Apple’s ecosystem (iOS, iPadOS, macOS, etc.)?
Internal CAs will remain exempt from these potential future limits, as they are from the current 398-day restriction?

Any insights from Apple or references to official documentation would be greatly appreciated, as these changes would significantly impact certificate management strategies.

Thank you!

Posted on Sep 9, 2025 1:16 AM

Reply

Answer 1

John Galt

Level 10

156,038 points

Sep 11, 2025 6:22 AM in response to ariankssg

https://www.ssl.com/article/preparing-for-47-day-ssl-tls-certificates/

Reply