Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Config changes needed to work with iOS 13 and Mac OSX 10.15 #26

Open
chrissearle opened this issue Sep 29, 2019 · 0 comments
Open

Config changes needed to work with iOS 13 and Mac OSX 10.15 #26

chrissearle opened this issue Sep 29, 2019 · 0 comments

Comments

@chrissearle
Copy link

My certificates stopped working after updating my phone to iOS 13.

After some googling I found this page:

https://support.apple.com/en-us/HT210176

So - they will likely also fail in OSX 10.15 when it arrives later this month.

Note that this only affects the host cert's - my CA cert is still working fine.

I had to make two changes to my ca/host.cnf (and to the config.cnf's generated from it)

  1. Change default_days to under 825 - anything longer gets rejected
  2. Update the [ v3_req ] block

Current:

[ v3_req ]
basicConstraints        = CA:FALSE
keyUsage                = nonRepudiation, digitalSignature, keyEncipherment
<<ALT_HOSTNAMES>>

Updated:

[ v3_req ]
basicConstraints        = CA:FALSE
keyUsage                = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage        = serverAuth, clientAuth
<<ALT_HOSTNAMES>>

Not sure what you may want to change - the number of days you might want to leave and have a README comment ?

I think the adding of the extendedKeyUsage is OK for everyone - I can see for example my LetsEncrypt certificates all have that.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@chrissearle