Can someone help please ?
I have added a certificate authority to keychain access and selected always trust for all compents. See screenshot please.
But when I visit a web site this is a certificate authority for the certificate is not standards compliant and the always trust component is overwritten. How do I correct this ? Please see screenshot
MacBook Air 13″, macOS 13.4
The user may consider reading this Support Article from Apple
refer below
Lists of available trusted root certificates in macOS
An excerpt from above link
" In light of these findings, we took action to protect users in a security update. Apple products no longer trust the WoSign CA Free SSL Certificate G2 intermediate CA.
To avoid disruption to existing WoSign certificate holders and to allow their transition to trusted roots, Apple products trust individual existing certificates that were issued from this intermediate CA and published to public Certificate Transparency log servers by 2016-09-19.
They will continue to be trusted until they expire, are revoked, or are untrusted at Apple’s discretion. "
The user may consider reading this Support Article from Apple
refer below
Lists of available trusted root certificates in macOS
An excerpt from above link
" In light of these findings, we took action to protect users in a security update. Apple products no longer trust the WoSign CA Free SSL Certificate G2 intermediate CA.
To avoid disruption to existing WoSign certificate holders and to allow their transition to trusted roots, Apple products trust individual existing certificates that were issued from this intermediate CA and published to public Certificate Transparency log servers by 2016-09-19.
They will continue to be trusted until they expire, are revoked, or are untrusted at Apple’s discretion. "
I suspect this is because Apple has started marking any certificate with a validity period of greater than 398 days as "not standards compliant.
Apple originally claimed that this would not affect manually added ca's (here: About upcoming limits on trusted certificates – Apple Support (AU))
But we have since found this to not be the case. I can not find an official announcement of this policy.
Other digging on this forum seems to imply that for internally managed CA's, the limit is 825 days.
You may what to speak to the IT Department of the University in question or to the Issuer of this Certificate for addition assistance
It is they who have issued this Certificate and it is their responsibility make sure it is compliant with Apply's Requirements for this Certificate
Because the university IT department setup their own CA, thus they issued the certificate that has an expiration date outside the time range allowed by Apple.
Thank you for your response but I fail to see the relevance to my certificate authority which is completely different
do my settings in key chain of always trust not overide the apple settings ?
Based upon the results this computer is experiencing now - No.
certificate is not standards compliant
