Skip to main content

Apple Changes S/MIME Certificate Validity Period to 1185-Days

Feb

28

2022

Time to read

Read so far

Written by: 

Bruce Morton

Time to read

Written by: 

SSL_Apple-Blog_1000x420

In November 2021, we posted that Apple set the validity period of S/MIME certificates to 825 days. On February 1, 2022, Apple released a policy update that changes the S/MIME certificate validity period to 1185 days. This is just short of 39 months and allows certification authorities (CAs) to continue to issue 3-year certificates.

Apple likely changed their policy based on feedback they received from CAs that are part of the CA/Browser Forum S/MIME Working Group and the PKI Consortium. Many enterprises and governments generate the keys for S/MIME certificates on smart cards. Currently, smart card S/MIME certificates are issued for 3 to 5 years and a reduction to 825 days, or 27 months, would make smart card key generation more costly. This truncated validity period would lead to two possible unfavorable scenarios:

  1. Organizations issuing keys within the software, leading to weaker security, or
  2. Organizations issuing private trust certificates, leading to the loss of relying parties’ trust

Entrust will support our certificate subscribers by continuing to issue S/MIME certificate for 3 years. Subscribers should note that Gmail only supports the maximum of 27-month validity S/MIME certificates, so a 2-year certificate may still be the best option for your business.

For more information see Entrust Secure Email S/MIME certificates.

photo-bruce-morton
Bruce Morton
Director for Certificate Services
Bruce Morton is a pioneering figure in the PKI and digital certificate industry. He currently serves as Director for Certificate Services at Entrust, where he has been employed since 1997. His day-to-day responsibilities include managing standards implementations, overseeing Entrust’s policy authority, and monitoring Entrust Certificate Services for industry compliance.
View all of Bruce's Posts