Bug 7449 - Chrome on macOS cannot connect using default certificate
Summary: Chrome on macOS cannot connect using default certificate
Status: NEW
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Web Access (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: LowPrio
Assignee: Bugzilla mail exporter
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-12-02 10:33 CET by Pierre Ossman
Modified: 2019-12-10 12:38 CET (History)
0 users

See Also:
Acceptance Criteria:


Attachments

Description Pierre Ossman cendio 2019-12-02 10:33:06 CET
We can no longer connect to Web Access or Web Admin using Chrome when running on the latest macOS (10.15). It just throws a NET::ERR_CERT_REVOKED right away and there is no way to bypass it.

This seems to be a new issue for 10.15 as we can find several discussions of people having the same issue with self signed certificates after upgrading. We did some work on bug 7401 to better comply with Apple's new requirements, but it doesn't seem to be enough here.

Generating a certificate using make-dummy-cert makes Chrome happy though and you can load the page (after dismissing the warning about an untrusted issuer).
Comment 1 Pierre Ossman cendio 2019-12-02 11:08:27 CET
The issue seems to indeed be the new Apple policy. The name on the certificate doesn't matter. What is crucial is the validity time. 825 days works fine, but 826 does not.

We'd really like to avoid reducing the lifetime of our shipped certificate. The target audience is the users who will not be properly managing their certificates, so it needs to just-work<tm>, even a couple of years from now.
Comment 2 Pierre Ossman cendio 2019-12-02 11:19:15 CET
Reported upstream:

https://bugs.chromium.org/p/chromium/issues/detail?id=1029702

Let's see what they say.

Note You need to log in before you can comment on or make changes to this bug.