Webinar: PKI Insights - The Most Common Misconfigurations in Today's PKI
Schedule a Demo
Blog July 25, 2019 Apple iOS, Certificate Validation, Known Issues, macOS, PKI, Subject Alternative Names

Certificate Requirements for Apple iOS 13 & macOS 10.15

by Jake Grandlienard

When the next iOS and macOS major update arrives this fall to iPhones, iPads and Macs there will be changes that impact environments with TLS certificates not current with standards. Certificates with key lengths shorter than 2048, those signed with a SHA1 algorithm, and certificates without the DNS name in the subject alternative name (SAN) extension will cause errors. Websites in Safari will not load and application functionality will also be impacted.

These changes will be familiar to many that use the Chrome browser as the standard was enforced in Chrome version 58 in April of 2017.  The RFC now being enforced by Apple is RFC 2818 and was published back in 2000.

Other changes include limiting TLS certificate validity to no greater than 825 days and requiring certificates have the ExtendedKeyUsage (EKU) extension with the id-kp-serverAuth OID. This is the Server Authentication (OID 1.3.6.1.5.5.7.3.1) application policy in Active Directory Certificate Services (ADCS) environments.

The most anticipated impact we expect to see for corporate, internal PKI environments is those that are issuing certificates for TLS purposes that are valid longer than 2 years and those certificates without all required subject names specified in the Subject Alternative Name field.

The new requirements affect any certificate issued after July 1, 2019.The Apple announcement can be found here.

Related Resources

  • Blog Graphic indicating ADCS Certificate Authority Renewal Error
    May 31, 2024

    Active Directory Certificate Services (ADCS) Certificate Authority Renewal Error

    Active Directory, ADCS, Certificate Authority
  • Blog Graphic of a secure laptop in a server room protecting certificates
    May 21, 2024

    The Case of the Blank Enrollment Policy

    Digital Certificates
  • Blog Graphic with a gold background with the Globee Awards Gold Winner logo for Public Key Infrastructure PKI Cybersecurity.
    May 10, 2024

    Globee Awards Gold Winner in PKI Cybersecurity!

    PKI, PKI Spotlight

Jake Grandlienard

Jake Grandlienard brings more than 19 years of industry experience as a senior level engineer. Jake is a subject matter expert in PKI, mobile device management software, smart card management software, and Hardware Security Module (HSM) integrations.

View All Posts by Jake Grandlienard

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *