The Register
From September 1, Apple software, from Safari to macOS to iOS, will reject new HTTPS and other SSL/TLS certificates that are valid for more than 398 days, plus or minus some caveats.
If that sounds familiar, it’s because we told you so in February before the iGiant even formally announced the policy. A month later, it revealed the rules with a few exceptions. For example, this policy applies to certificates issued ultimately from root CAs known to Apple’s operating systems, not user or administrator-added CAs.