User profile for user: ushiko-tomato
ushiko-tomato Author
User level: Level 1
4 points

If I install a self-signed certificate on my iPad with a validity period of 3 years, etc., does that mean that after 398 days, the certificate becomes invalid?

I read the article "About upcoming limits on trusted certificates." (support.apple.com/en-us/HT211025)

I am planning to install a certificate for SSL forward proxy issued by Firewall on my iPad for security check.

I would like to know if the certificate is no longer valid after 398 days if I make the certificate valid for more than 398 days.

iPad Pro (5th generation)

Posted on Mar 19, 2023 10:56 PM

Reply
Question marked as Top-ranking reply
User profile for user: MrHoffman
MrHoffman
User level: Level 10
149,395 points

Posted on Mar 20, 2023 6:38 AM

Re-read the article.


That lifetime limit does not apply here. Specifically, due to this detail: “This change will affect only TLS server certificates issued from the Root CAs preinstalled with iOS, iPadOS, macOS, watchOS, and tvOS.” A self-signed certificate or a local (private) certificate chain does not fall under that.


As for your question, any commercial cert with a lifetime past the specified limit is rejected.


If you want a ten-year or twenty-five-year self-signed cert, at least as far as Apple platforms are concerned, have at.


If you go that way, and for ease of private root renewal, I’d read up on the certificate serial number mechanism.

View in context

Similar questions

4 replies
Question marked as Top-ranking reply
User profile for user: MrHoffman
MrHoffman
User level: Level 10
149,395 points

Mar 20, 2023 6:38 AM in response to ushiko-tomato

Re-read the article.


That lifetime limit does not apply here. Specifically, due to this detail: “This change will affect only TLS server certificates issued from the Root CAs preinstalled with iOS, iPadOS, macOS, watchOS, and tvOS.” A self-signed certificate or a local (private) certificate chain does not fall under that.


As for your question, any commercial cert with a lifetime past the specified limit is rejected.


If you want a ten-year or twenty-five-year self-signed cert, at least as far as Apple platforms are concerned, have at.


If you go that way, and for ease of private root renewal, I’d read up on the certificate serial number mechanism.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

If I install a self-signed certificate on my iPad with a validity period of 3 years, etc., does that mean that after 398 days, the certificate becomes invalid?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up