Project

General

Profile

Actions

Feature #9825

closed

Requirements for trusted certificates in iOS 13 and macOS 10.15

Added by Daniel Gutierrez over 4 years ago. Updated about 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Certificates
Target version:
Start date:
10/13/2019
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:

Description

Because Apple has shortened the maximum validity period of TLS server certificates to 825 days on iOS 13 & macOS Catalina (10.15), the default the PFSense CA interface uses (3650 days) should be shortened to 825 days or provide a warning if the user selects the Server Certificate type and the days exceed 825 days.

It may also be desired to update the interface to reflect the new Subject Alternative Name requirements for TLS server certificates as well (because "DNS names in the CommonName of a certificate are no longer trusted").

Requirements for trusted certificates in iOS 13 and macOS 10.15
https://support.apple.com/en-us/HT210176

I became aware of this article because access to pfSense broke for me in iOS 13 & macOS Catalina, and the error messages Safari gives you are generic and misleading (such as "certificate name does not match input" when it does).

Actions

Also available in: Atom PDF