We can no longer connect to Web Access or Web Admin using Chrome when running on the latest macOS (10.15). It just throws a NET::ERR_CERT_REVOKED right away and there is no way to bypass it. This seems to be a new issue for 10.15 as we can find several discussions of people having the same issue with self signed certificates after upgrading. We did some work on bug 7401 to better comply with Apple's new requirements, but it doesn't seem to be enough here. Generating a certificate using make-dummy-cert makes Chrome happy though and you can load the page (after dismissing the warning about an untrusted issuer).
The issue seems to indeed be the new Apple policy. The name on the certificate doesn't matter. What is crucial is the validity time. 825 days works fine, but 826 does not. We'd really like to avoid reducing the lifetime of our shipped certificate. The target audience is the users who will not be properly managing their certificates, so it needs to just-work<tm>, even a couple of years from now.
Reported upstream: https://bugs.chromium.org/p/chromium/issues/detail?id=1029702 Let's see what they say.
