mkcert icon indicating copy to clipboard operation
mkcert copied to clipboard
verified publisher icon FiloSottile

Apple now requires certs must not have a validity period greater than 398 days.

Open GeoTimber opened this issue 1 year ago • 2 comments

See https://support.apple.com/en-us/102028

GeoTimber avatar Jun 06 '24 18:06 GeoTimber

This change will affect only TLS server certificates issued from the Root CAs preinstalled with iOS, iPadOS, macOS, watchOS, and tvOS.

Do you have evidence of this affecting mkcert?

FiloSottile avatar Jun 06 '24 20:06 FiloSottile

Good morning @FiloSottile

I thought I had evidence and then I wasnt so sure any more, that is why my first post here ended up being so very short, my apologies.

I just tested again on Ubuntu 22.04 (KDE NEON) on the master branch and issued a certificate within 398 days and a certificate leaving the expiry as in the last master commit ( 825 days ). Using nginx.

And tested both in IOS 12.4 and IOS 17.1, with the ROOTCA, ( expiry in 10 years ) properly installed

and both work here, so a none issue at the moment as the Apple requirement does not seem to be enforced at the moment.

Thanks for all the good work, un saludo Joris

GeoTimber avatar Jun 07 '24 08:06 GeoTimber