First Last Prev Next    This bug is not in your last search results.
Bug 50471 - Consider decreasing "ssl/default/days" default for OS X compatibility
Consider decreasing "ssl/default/days" default for OS X compatibility
Status: NEW
Product: UCS
Classification: Unclassified
Component: SSL
UCS 4.4
Other Linux
: P5 normal (vote)
: ---
Assigned To: UCS maintainers
UCS maintainers
:
: 55611 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-11-08 09:51 CET by Timo Denissen
Modified: 2023-01-31 21:49 CET (History)
2 users (show)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Timo Denissen univentionstaff 2019-11-08 09:51:19 CET 
It should be considered to decrease the default value of "ssl/default/days=1825" to maintain compatibility with Safari/Chrome-clients running on OS X 10.14/10.15.

We had the case of a certificate valid for 1825 days which was declined by Safari and Chrome on OS X 10.15 with "NET::ERR_CERT_REVOKED" as error message.

The certificate was definitly not revoked and freshly re-created.

After re-creating the certificate with a validity of 824 days, neither Safari nor Chrome had a problem and granted access to the webpage via HTTPS.

As stated on https://support.apple.com/en-us/HT210176, certificates issued after 2019-07-01 may no longer be valid for more than 825 days.
Comment 1 Philipp Hahn univentionstaff 2023-01-31 15:41:04 CET 
*** Bug 55611 has been marked as a duplicate of this bug. ***
First Last Prev Next    This bug is not in your last search results.