NET::ERR_TLS_CERT_VALIDITY_TOO_LONG for certificates from own CAs

Question

Level 1

4 points

NET::ERR_TLS_CERT_VALIDITY_TOO_LONG for certificates from own CAs

Hi

Starting with macOS 10.15.7 and 11.0.1 the TLS certificate checks have changed. According to https://support.apple.com/en-us/HT211025 the restriction of a maximum cert validity restriction only affects public trusted CAs preinstalled with the OS. But with the above OS versions also certificates from company internal CAs (not preinstalled) are reject if they are longer valid. Safari and Google Chrome browser report the roor "NET::ERR_CERT_VALIDITY_TOO_LONG". Since these browser rely on the OS mechanisms for certificate checking this seems to be a bug in macOS for me.

How can I trust my certificates from the company internal CA again even if they are valid for e.g. 3 years?

Regards,

Ulf

MacBook Pro 13″, macOS 10.14

Posted on Nov 18, 2020 3:23 AM

Reply

Answer 1

K Shaffer

Level 8

35,962 points

Nov 18, 2020 4:27 AM in response to sturmmoewe

There had been some notions about trust certificates, expired, modified; mentioned in ASC's.

Whether or not more of newer content and worth, is a question; a search may (or not) yield.

https://duckduckgo.com/?q=trusted+root+TLS+certificate+updates+apple+authority&t=ffab&ia=web

.Sorry to not be more helpful.!

Reply

NET::ERR_TLS_CERT_VALIDITY_TOO_LONG for certificates from own CAs

Similar questions