Univention Bugzilla – Bug 50471
Consider decreasing "ssl/default/days" default for OS X compatibility
Last modified: 2023-01-31 21:49:23 CET
It should be considered to decrease the default value of "ssl/default/days=1825" to maintain compatibility with Safari/Chrome-clients running on OS X 10.14/10.15. We had the case of a certificate valid for 1825 days which was declined by Safari and Chrome on OS X 10.15 with "NET::ERR_CERT_REVOKED" as error message. The certificate was definitly not revoked and freshly re-created. After re-creating the certificate with a validity of 824 days, neither Safari nor Chrome had a problem and granted access to the webpage via HTTPS. As stated on https://support.apple.com/en-us/HT210176, certificates issued after 2019-07-01 may no longer be valid for more than 825 days.
*** Bug 55611 has been marked as a duplicate of this bug. ***