Signed CA is missing CN value breaking ability to trust for SSL on iOS devices #85
Comments
davidalger
added a commit
that referenced
this issue
Feb 9, 2020
… sign SSL certificates Related #85
davidalger
added a commit
that referenced
this issue
Feb 9, 2020
|
For those needing to re-create CA root and re-issue certificates, the following process should be followed:
|
|
Following changes in associated PR, the Warden issued CA now shows up for trusting on iOS devices: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The PEM file generated by Warden during the install process for signing certificates used by Traefik is lacking a CN value thus breaking the ability to install the certificate as a profile and then trust the certificate on iOS devices. Opening the PEM on iOS currently results in an installed profile, but the certificate is not showing up in the list of certificates to be trusted for SSL after installing as a profile.
The following forum thread appears to describe this exact scenario, and indicates the lacking CN value as the culprit: https://forums.developer.apple.com/thread/89568
Information in forum thread should be validated, and the install routine corrected appropriately. As regenerating a CA would require re-signing already present certificates, the regeneration will be left a manual process (cleanup files, run
warden install, etc) and I will plan to call this out in release notes once fixed.Another example of this iOS peculiarity cropping up can be found here: FiloSottile/mkcert#47
The following KB page documents how one is expected to trust a CA for SSL on iOS devices: https://support.apple.com/en-us/HT204477
The text was updated successfully, but these errors were encountered: