Questions tagged [certificate]
Questions about importing/creating and using x509 certificates for SSL, iOS & macOS development. Questions about accessing and using certificates programmatically are off topic.
273 questions
1
vote
0
answers
250
views
pkcs12 file exported with no password doesn't gets imported in macOS Sequoia 15.0 (24A335)
I exported the pkcs12 file which contains the Apple Distribution Certificate with the Private Key on macOS Sonoma 14 with no password.
I was able to import the same on different macOS Sonoma 14 ...
- 111
2
votes
1
answer
1k
views
Always trust localhost certificates
I'm developing an app which with every restart generates new self-signed root certificate.
Safari on my macOS always asks whether I want to proceed.
How can I make safari always trust any certificates ...
- 121
1
vote
1
answer
49
views
Deleting multiple keychains from Keychain Access
On macOS 10.14.6 Xcode 11.3.1 has been busy creating keychains (and keys, and certificates) in an endless loop while trying to "Automatically Manage Signing". It creates keys in new ...
- 2,166
1
vote
0
answers
15
views
curl: (77) error setting certificate verify locations on Catalina [duplicate]
I'm attempting to install Python and AWS tools via curl and keep getting this error:
curl: (77) error setting certificate verify locations:
CAfile: /usr/local/php5/ssl/cert.pem
CApath: none
I have ...
- 165
2
votes
0
answers
136
views
How to install up-to-date SSL certificates on iphone 4/ iOS 7?
My iphone 4 running iOS 7.1.2 and Safari cannot access certain SSL website, e.g. https://letsencrypt.org, presumably because of expired certificates. Installing the profile provided at https://blog....
- 121
0
votes
0
answers
147
views
Can't add a certificate to iCloud keychain
I generated a certificate with developer.apple.com for publishing my app in Apple App Store and downloaded .cer file. Doubly clicked on .cer file, selected "System" at the bottom-right ...
- 157
0
votes
1
answer
52
views
Cannot find duplicate root CA for development Safari claims to have
I use three Macs for development of a web application. On each of the Macs (macOS 14.4) I used mkcert to install a local CA and to issue developer certificates (all separately). Accessing the web app ...
- 187
1
vote
1
answer
170
views
How can I extend the Certificate Expiration length for Personal Apps?
I'm a small, independent developer, and like many of you, I sometimes build apps primarily for my own use. One major pain point I've run into repeatedly is the expiration of Apple's development ...
- 565
0
votes
0
answers
75
views
AppAttest -- Can a Swift program that uses DCAppAttestService be run on Linux? [duplicate]
I need to be able to run the code that issues an Apple attest but not on Apple OS -- on Linux. Or, at the very least, on a MacOS VPS -- not a physical device.
import DCAppAttest
func ...
0
votes
0
answers
30
views
Digital Certificate
I have got a digital certificate from com.apple.kerberos.kdc and I would like to know if it is recognized as legal signature. I have to enroll it in a financial system and it asks details: Digital ...
0
votes
1
answer
43
views
Granular control over certificate trust settings
TL;DR I'm looking for a way to granularly control whether MacOS trusts a certificate for each individual purpose specified in the Basic Constraints (2.5.29.19), Key Usage (2.5.29.15), and Extended Key ...
- 193
1
vote
0
answers
154
views
Root CA on Apple Watch / watchOS
How can I install my own custom Root CA on an Apple Watch?
I know how to do it on iOS/iPad OS (→ I use Apple Configurator 2) and I also know how to do it for macOS as well as for Firefox.
However, I ...
- 11
1
vote
1
answer
175
views
Can I generate Apple Wallet passes for other businesses?
My idea is to help small businesses without an IT infrastructure to generate Apple Wallet passes for their customers to identify them later. All the data would be stored in my database and will be ...
- 13
1
vote
0
answers
52
views
S/MIME certificate not trusted
I actually own a S/MIME certificate for my e-mail address. I got no problem installing it on my Mac, and it perfectly works with Apple Mail (except the encryption icon that is greyed out, but I don't ...
- 11
2
votes
0
answers
1k
views
Adding own certificate authority to macOS
I currently facing the problem that I created a certificate authority certificate and would like to add this custom CA to macOS.
The general way would be to add it to the "System" area in my ...
- 21
1
vote
1
answer
1k
views
'The server identity of ttotaliampleton.com could not be verified.' Why is that?
This pop-message just comes out of nowhere. How can i fix this? Is it a bug?
- 13
0
votes
0
answers
382
views
How can I get pip3 to find my root certificate in macOS?
I am trying to use pip3 to install matplotlib. My company's root certificate is at ~/Documents/the-certificate-name.cer. The output is:
myprompt % pip3 install matplotlib
ERROR: Could not install ...
- 163
1
vote
0
answers
104
views
AirPrint authentication using client certificate
Is the AirPrint authentication via client certificates supported in iOS 16.1?
Bonjour specification defines an "air" key in the TXT record with a "certificate" as a valid option. ...
- 111
1
vote
1
answer
221
views
How to sign an application bundle with the same display name as the installer package?
I can sign a bundle with "Mac Developer" identity which is connected to my Apple account user name (ie a "person").
I can sign the package (.pkg) that contains the bundle with a &...
- 113
1
vote
2
answers
175
views
How to stop keychain / Safari from storing identity preferences?
I have several digital certificates installed in my computer running macOS and stored on my keychain. Certain websites (normally from Spanish government) require user identification through these ...
- 115
1
vote
0
answers
1k
views
Make iPad trust my HTTPS certificate signed by CA that I created and have added to iPad
Everything is in my LAN. I created a CA certificate using XCA. On Windows and Android, I could install the CA's ".cer" file system-wise. Chrome-based browsers said that the HTTPS certificate ...
- 2,049
7
votes
2
answers
11k
views
Mac: Import .p12 certificate into the Keychain via command line
I'm trying to import .p12 certificate into the keychain on my Mac via bash script. So far, I've been trying:
sudo security import command.
It returns that import was successful but, in fact, it ...
- 171
1
vote
0
answers
2k
views
Previously trusted WiFi now asking me to select a certificate but the list is empty
I had this WPA2 Enterprise WiFi saved on my MacBook since forever, and the certificate was trusted first time I connected to it.
Suddenly the MacBook seems to have automatically forgotten the network (...
- 173
2
votes
1
answer
2k
views
How do I import a .pfx certificate into my iphone?
I have iphone 13, but downloading the single .pfx certificate didn't show any option to install it, the guides on the internet suggest mailing it, so I've tried sending it to my gmail but that also ...
- 125
0
votes
1
answer
304
views
Missing certificates after upgrading offlineimap
I upgraded offlineimap via Homebrew and it is now now 8.0.0 with Python 3.10. Now I am missing the certificates:
ERROR: Unknown SSL protocol connecting to host 'imap.mail.eu-west-1.awsapps.com' for ...
- 1,099
0
votes
1
answer
1k
views
Apple mail can't verify certificate
I have set up a local mail server on our NAS to backup mails.
For some time now Apple Mail can't verify the certificate.
I found this Apple help post: https://support.apple.com/guide/mail/trust-a-...
- 251
2
votes
0
answers
2k
views
Codesign: The specified item could not be found in the keychain
I am trying to codesign one VST plugin in Terminal. I added a self-signed certificate to the login keychain. I try to codesign using the following command:
sudo codesign --force --deep --sign Ozone\ 9\...
- 121
2
votes
1
answer
584
views
iOS distribution certificates expiring for two apps from same team: Do I need to take separate actions?
I have two apps both associated with the same development team, and I've gotten notifications for both of them that Your iOS Distribution Certificate will no longer be valid in 30 days. I got these ...
- 481
4
votes
1
answer
7k
views
How do I view the TLS certificate in iOS 15 Safari?
How do I view the TLS certificate in iOS 15 Safari?
I tried every button on the tool bar, and still couldn't find the view cert option.
- 1,852
0
votes
0
answers
1k
views
Cannot delete duplicate certificate
I have a duplicate certificate in my keychain which I cannot seem to be able to delete. If I delete it from the keychain app by first unlocking the system keychain and then right clicking and ...
- 822
0
votes
1
answer
776
views
Add self-signed certificate
I would like to access my Synology NAS via HTTPS, but don't have the money to buy a certificate. I've read that you can generate your own and manually trust it. So after following the step here, I ...
- 2,953
0
votes
2
answers
5k
views
Many sites are displaying SSL Certificate invalid but their date is in the future and the computer's clock is fine
I reinstalled an old 2015 Apple computer today, and I ran into a few issues.
During system install, it failed because of some SSL issues, and I had to change the system's clock to prior 2017 for the ...
- 139
1
vote
0
answers
276
views
Export x509 Certificate from iPad
Question: Is there a way to export a public certificate from an iPad running the latest iOS? (PEM formatted Base64 if possible)
Scenario:
AirWatch manages our iPads.
There is a profile configured to ...
- 111
0
votes
2
answers
2k
views
Install a package with an expired certificate
I just noticed I can double-clik, open and install a .pkg package installer that has an expired certificate without any popup like "This package is from an developer whose certificate has expired&...
- 183
1
vote
1
answer
559
views
macOS - How do I change cert trust state from command line?
My workflow involves changing a cert installed in the system's trust states between 'Use Custom Settings' and 'Never Trust' (see the Keychain Access screenshot below).
How do I do this from command ...
- 1,852
0
votes
0
answers
168
views
There is an unknown developer's iPhone Distribution certificate in my keychain. Where does it come from?
I'm an iOS developer, and today I noticed that in my project's build settings, Xcode suggests a Code Signing Identity that I have never seen before. Turns out there is an iPhone Distribution ...
- 141
0
votes
2
answers
991
views
Is importing just the CA certificate to Keychain Access enough for trusting certs issued with that CA?
I've created a PKI with easy-rsa. I create keys for websites and sign them with my CA certificate. I imported the CA certificate into Keychain Access, clicked the cert name, and specified "...
2
votes
2
answers
6k
views
How to delete Self-Signed certificate from System Keychain (Big Sur)
I just can't find a way to delete the Self-Signed Root CA from Keychain under System.
When I open KeyChain I select System under System Keychains. Then I click on the File in menu and then click on ...
- 131
7
votes
1
answer
2k
views
Can I disable the certificate pinning checks on MacOS to relax proxy inspection detection?
I'm behind a proxy and some websites don't work, in particular ones related to MacOS update, app store etc. I imported the proxy certificate to the MacOS keychain.
When I go to https://apps.apple.com ...
- 71
1
vote
1
answer
2k
views
Where can I find the syntax for macos spctl (gatekeeper) rules?
I'm trying to code-sign an electron app for submission to the "Mac App Store". As expected, it has been a tremendous pain for 101 reasons.
However, I have now discovered a ray of light in ...
- 123
2
votes
3
answers
324
views
How can we restore Apple silicon Mac hardware on networks secured in an enterprise environment?
Is there some way to do a full IPSW restore in an enterprise environment?
In our case this means no DHCP and behind a proxy. Other machines all have a fixed IP and proxy certificate installed. But ...
- 21
1
vote
1
answer
1k
views
Find trust setting of a login keychain using cmd
Is there a way to find the trust settings of a certificate in login keychain using command line
I tried this security dump-trust-settings -d. But this only returns for the System Keychain
Also when i ...
- 131
1
vote
0
answers
66
views
macOS 11.6 "DST Root CA X3" certificate warnings
System: macOS 11.6.1
For an internal domain with Let's Encrypt, I am still getting outdated certificate warnings on Safari and Chrome. Firefox with its own store is fine.
I checked Keychain Access and ...
- 141
0
votes
1
answer
30
views
Mail.app refuses to send e-mail
I have just upgraded to Monterey (12.0.1 (21A559)), and cannot send e-mails. Mail.app tells me that the certificate is not valid.
We own our own domain and host the primary MX here, and this worked ...
- 21
0
votes
1
answer
564
views
Certain SSL Websites not loading in Chrome, Safari, Curl
I'm trying to open bisonbrew.com but am getting ERR_CONNECTION_RESET with Chrome, and with Safari:
'Safari can't open the page "https://bisonbrew.com" because Safari can't establish a ...
- 123
1
vote
1
answer
720
views
Viewing certificates in certificate chain conveniently in MacOS from finder
In the MacOS finder, there is a convenient viewer for certificates, with the "icon" view
. If the file contains a single certificate, it formats and displays the certificate very nicely, e.g....
- 252
11
votes
1
answer
6k
views
App / curl still getting certificate expired error due to expired Let's Encrypt certificate
An open source app running on my macOS 10.13.6 and 10.14.6 system is failing to access a website via https that uses a Let's Encrypt certificate. If I use curl to access the same site, it also gets an ...
- 2,760
7
votes
3
answers
6k
views
iOS: Safari "could not establish a secure connection to the server"
When I try to access our dev sites, I get this error on my iPhone X running the latest general release of iOS 15. Now 15.1.
Safari cannot open the page because it could not establish a secure ...
- 120
9
votes
2
answers
10k
views
iOS marked a certificate as "Expired" even though the certificate is still active and issued by a trusted authority
I am having a strange issue I cannot find the cause of: I have a website certificate issued on 31.07.2021 by letsencrypt.org and valid until 29.11.2021, however on my main iPhone (iOS 15) I get this ...
- 191
1
vote
2
answers
934
views
How to install an Automator action from unidentified developer?
I downloaded an APN certificate from Certificates, Identifiers & Profiles from the Apple Developer configuration pane. It's an .action file that I cannot open, though.
Do you want to install the &...
- 343