GlobalSign Blog

Apple backtracks, won’t disallow 3-year S/MIME certificates (yet)

Apple backtracks, won’t disallow 3-year S/MIME certificates (yet)

After announcing it would ban three-year email security certificates starting April 1, Apple reverses course

At the end of 2021 Apple announced it would no longer allow the use of three-year email security or S/MIME certificates starting on April 1, 2022. Apple can do this, because Apple runs a root program that is integral to the public web trust and its mandates often quickly become industry-wide requirements.

So, that announcement set in motion a series of different events, ranging from behind the scenes work that we won’t bore you with to more visible external actions and customer communications. You may recall seeing something on social media or receiving an email about this from GlobalSign. Perhaps you remember a blog post. Maybe you followed up with someone in your organization about it afterward.

On January 28th Apple announced that they have delayed this requirement based on input from CAs as well as discussion in the SMCWG where certificates profiles are being defined. Make no mistake about it, eventually this change from three-year to two-year max validity on email security certificates is coming. Now that there is an S/MIME working group chartered at the CA/Browser Forum a baseline requirements document will be forthcoming and it will likely shorten validity periods for S/MIME.

But until that day comes, GlobalSign will continue to sell three-year S/MIME and PersonalSign certificates. Originally, we had planned to discontinue issuing them on March 28th, but taking our cue from Apple we’re going to “relax” our policy, too, and will continue to issue three-year S/MIME and PersonalSign certificates.

We apologize for the confusion and will contact you regarding any future updates.

Share this Post

Related Blogs