Schedule a Demo
Blog July 25, 2019 Apple iOS, Certificate Validation, Known Issues, macOS, PKI, Subject Alternative Names

Certificate Requirements for Apple iOS 13 & macOS 10.15

by Jake Grandlienard

When the next iOS and macOS major update arrives this fall to iPhones, iPads and Macs there will be changes that impact environments with TLS certificates not current with standards. Certificates with key lengths shorter than 2048, those signed with a SHA1 algorithm, and certificates without the DNS name in the subject alternative name (SAN) extension will cause errors. Websites in Safari will not load and application functionality will also be impacted.

These changes will be familiar to many that use the Chrome browser as the standard was enforced in Chrome version 58 in April of 2017.  The RFC now being enforced by Apple is RFC 2818 and was published back in 2000.

Other changes include limiting TLS certificate validity to no greater than 825 days and requiring certificates have the ExtendedKeyUsage (EKU) extension with the id-kp-serverAuth OID. This is the Server Authentication (OID 1.3.6.1.5.5.7.3.1) application policy in Active Directory Certificate Services (ADCS) environments.

The most anticipated impact we expect to see for corporate, internal PKI environments is those that are issuing certificates for TLS purposes that are valid longer than 2 years and those certificates without all required subject names specified in the Subject Alternative Name field.

The new requirements affect any certificate issued after July 1, 2019.The Apple announcement can be found here.

Related Resources

  • Blog
    November 14, 2024

    Microsoft ADCS Vulnerability – CVE-2024-49019 Escalation of Privilege

  • Blog A representation of PKI and digital certificate with a key lying on a blue circuit board
    November 7, 2024

    PKI Insights Recap – Is Your PKI Healthy? The Essential Guide to Comprehensive Assessments

    PKI, PKI Insights
  • Blog
    October 7, 2024

    Preventing ServiceNow-style Root Certificate Outages with PKI Posture Management

Jake Grandlienard

Jake Grandlienard brings more than 19 years of industry experience as a senior level engineer. Jake is a subject matter expert in PKI, mobile device management software, smart card management software, and Hardware Security Module (HSM) integrations.

View All Posts by Jake Grandlienard

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *