Apple Event: May 7th at 7 am PT

Learn more

Add to your calendar 

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: ICTSupportGuy
ICTSupportGuy Author
User level: Level 1
8 points

Does Apple's upcoming 1 year/825 day certificate limit apply to certificates issued from private Certificate Authorities?

Hi,

Apple's certificate documentation implies that the changes only apply to public CAs, as below.

https://support.apple.com/en-us/HT211025


"This change will not affect certificates issued from user-added or administrator-added Root CAs.

This change will affect only TLS server certificates issued from the Root CAs preinstalled with iOS, iPadOS, macOS, watchOS, and tvOS"


However, reading 3rd party websites imply the changes will impact private CA's as well:


https://www.digicert.com/position-on-1-year-certificates/. It states "Certificates that are not publicly trusted can still be recognized, up to a maximum validity of 825 days." Is this statement correct?


Please clarify whether private CAs are impacted?

Thanks

Posted on Apr 30, 2020 8:14 AM

Reply

Similar questions

3 replies
User profile for user: ICTSupportGuy
ICTSupportGuy Author
User level: Level 1
8 points

May 4, 2020 8:26 AM in response to etresoft

I'm referring to internal certificates we issue ourselves for free, rather than DigiCert, Symantec or other public certs. I'm also referring to bog standard certificates, rather than wildcard, EV, etc.


Basically, if I issue a 3 year internal certificate from my corporate CA to my own web server will Apple clients on my internal network trust it?


Thanks

Reply

Does Apple's upcoming 1 year/825 day certificate limit apply to certificates issued from private Certificate Authorities?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up