Questions tagged [certificate]
Questions about importing/creating and using x509 certificates for SSL, iOS & macOS development. Questions about accessing and using certificates programmatically are off topic.
231
questions
2
votes
1answer
86 views
App / curl still getting certificate expired error due to expired Let's Encrypt certificate
An open source app running on my macOS 10.13.6 and 10.14.6 system is failing to access a website via https that uses a Let's Encrypt certificate. If I use curl to access the same site, it also gets an ...
3
votes
0answers
77 views
Safari "could not establish a secure connection to the server"
When I try to access our dev sites, I get this error on my iPhone X running the latest general release of iOS 15.
Safari cannot open the page because it could not establish a secure connection to the ...
7
votes
1answer
2k views
iOS marked a certificate as "Expired" even though the certificate is still active and issued by a trusted authority
I am having a strange issue I cannot find the cause of: I have a website certificate issued on 31.07.2021 by letsencrypt.org and valid until 29.11.2021, however on my main iPhone (iOS 15) I get this ...
1
vote
2answers
70 views
How to install an Automator action from unidentified developer?
I downloaded an APN certificate from Certificates, Identifiers & Profiles from the Apple Developer configuration pane. It's an .action file that I cannot open, though.
Do you want to install the &...
0
votes
0answers
20 views
Safari using wrong smart card certificate
I am trying to use Safari to access a web site that requires a smart card. Unfortunately, the card has 2 certificates on it and the first time I attempted to use the web site, I picked the wrong cert.
...
3
votes
1answer
100 views
Cloning apps on iOS
For some reasons I want to get two similar apps on my iPhone (in fact not similar — different versions). I have already installed this app from AppStore, and I have an IPA file of this app but of ...
7
votes
1answer
4k views
How do I update my root certificates on an older version of Mac OS (e.g. El Capitan)?
I have difficulty reaching various secure web sites. They give me a certificate expired error. They work on Firefox but not Safari or Chrome. They also work on newer versions of macOS (e.g. Catalina, ...
1
vote
1answer
37 views
Different SSL certs being delivered to different platforms
I received reports of an invalid SSL cert on a site that I recently started managing. Testing it on a Linux PC and a Windows PC, I find that the cert being delivered is different from the one ...
1
vote
1answer
247 views
What are the private and public keys associated with an Apple Distribution Certificate?
I'm following this guide on how to generate a new Apple Distribution Certificate, and on the ‘Download your certificate’ page it says
Download your certificate to your Mac, then double click the .cer ...
0
votes
1answer
543 views
Xcode does not detect new Apple Distribution Certificate in my keychain
I generated a new Apple Distribution Certificate for my React Native project because I got an email saying my old one was going to expire. It appears to be in my keychain:
but when I try to upload my ...
0
votes
0answers
19 views
How do I use the `security` command-line tool to change Access Control of a private key?
How do I use the security command-line tool to add an application to allow access to the private key or key chain? or change it to Allow all application to access this item? ›››››››
(I am trying to do ...
0
votes
1answer
27 views
Behaviour of development certificate in apple developer portal and keychain
This is a question regarding Apple Development Certificates. There are two parts:
Part 1: create and download certificates on apple developer portal.
Background:
I can download my teammates ...
0
votes
0answers
22 views
how to I move a certificate
how to do move an appleinccertificate to the keychain? I'm not sure if it is a copy or not. it is currently on the desktop wall.. I've tries to drag and drop but it wouldn't allow it.
0
votes
1answer
503 views
Big Sur Add trusted certificate via command line (Safari Can't establish a secure connection)
I am trying to have Safari stop preventing me from visiting one of my dev machines with an invalid cert.
I am trying to use the solution in this thread but install it using the CLI:
security add-...
0
votes
0answers
34 views
Trying to install very old logitech software on Catalina
I realize this probably won't work, but I'm kinda obsessed at this point.
I bought a Logitech Broadcaster WiFi webcam without realizing it was quite out of date (2013).
I'm trying to get its companion ...
2
votes
1answer
1k views
How can I fix '"HPDM.framework" will damage your computer' on macOS Big Sur?
Since updating to macOS Big Sur, I can no longer print to my HP DeskJet 1010 printer. Each time that I start a print job, I get a dialog with error message that says '"HPDM.framework" will ...
1
vote
2answers
224 views
Invalid certificate for a specific website
When trying to navigate to a specific website (amazon.com in my case) I always get the "NET::ERR_CERT_COMMON_NAME_INVALID" error in Chrome (and equivalent errors in Safari/other browsers). ...
1
vote
0answers
66 views
MacOS Catalina ldap browser supporting certificate authentication?
I’m looking for an GUI based ldap browser here that supports certificate authentication
I previously used softerra on windows.
I’ve looked into: PhpLdap admin, Jxplorer, Ldapadmin tool.
I checked ...
1
vote
0answers
158 views
When and how can I use client certificate authentication on iOS?
I have installed a x509/pfx certificate under profiles in my iOS settings and configured my webserver (nginx) to require this certificate. With Safari on iOS, I can browse to my main page using the ...
2
votes
2answers
1k views
What is the macOS equivalent of Windows certificate store names?
On Windows, when retrieving information about certificates, they come from named certificate stores, such as "Trusted Root Certification Authorities" or "Trusted Publishers" - what ...
3
votes
0answers
252 views
Who creates /etc/ssl/cert.pem in MacOs
While using curl in verbose mode, I noticed the following line in the output:
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
*
I googled and found out that etc/ssl/...
14
votes
6answers
16k views
HP Easy Scan - "HP Scanner 3" will damage your computer
I have been using a HP Envy 4500 printer with my iMac for 2 years using HP Easy Scan - with no issues.
Today I tried to scan a document, when I press the "scan" button on the app a pop-up ...
4
votes
1answer
116 views
Is it possible to develop an iOS application for my own use without having to pay 99$/year?
TL;DR How can I have a permanent profile for my Xcode-developped app on my own iPhone so that I could use it without having to rebuild it from Xcode every 6 days, likely by issuing myself the needed ...
4
votes
0answers
69 views
Protect certificate access with TouchID on iPhone?
I installed a personal X.509 certificate on my iPhone (SE, iOS 14.0.1).
I can use it on websites (in Safari) to authenticate myself, but with no permission check at all. Unlike for example filling in ...
1
vote
1answer
63 views
which certificate/identifiers/profilers should be used for python script to be distributed as a pyinstaller build/bundle outside the app store?
My program works as follows
In a while loop, it checks for the active window change - AppKit library used
from AppKit import NSWorkspace
active_window = (NSWorkspace.sharedWorkspace()....
0
votes
0answers
24 views
Is renting App Store to others for test purpose a good idea?
Recently someone on Upwork post a job for renting an App Store account to test a tour application. The post is like, they need to test an app with so many devices and they are running out of their ...
2
votes
1answer
385 views
Can a self-signed certificate use an IP address for an entry in Subject Alternative Name?
From https://support.apple.com/en-us/HT210176
TLS server certificates must present the DNS name of the server in the Subject Alternative Name extension of the certificate. DNS names in the CommonName ...
1
vote
0answers
133 views
Load .pem certificate to Apple KeyChain
When I drag my .pem certificate to the Apple Keychain it shows me "An error occurred. The content of this file cannot be recovered". Also I tried to double-click the .pem file but show me ...
0
votes
1answer
125 views
Trouble generating a p12 certificate for wallet signing
I've been trying to replace an expired p12 certificate which is used for signing AppleWallet passes in PHP.
The problem I'm having is nothing to do with the PHP end of things but getting and exporting ...
3
votes
2answers
1k views
Bypass for the certificate must be valid for 825 days or fewer
Is there a way to workaround issue with certs valid for long time (10 years)?
I work in a corporation where Macs are not common and we have some internal long live certificates.
I know I can add ...
0
votes
0answers
86 views
Root CA certificate invalid on Mac
I have a root certificate authority file that works on Windows computers, but it is not accepted on Macs since macOS Catalina.
The file was imported into Keychain and marked as trusted in its ...
1
vote
2answers
1k views
Client certificate authentication fails with iOS 13.4.1 (works with 13.2.2)
I've previously posted this question and since then further investigated the issue.
The problem seems to be the latest iOS (13.4.1), which fails to send the client certificate upon authentication ...
0
votes
1answer
269 views
Unable to deploy Mobile Config for Active Sync on iOS 13.4.1
I'm trying to deploy a mobile configuration for a number of iPhones. The mobile configuration only includes PKCS12 for the client certificate authentication and the configuration of the MS Exchange ...
1
vote
0answers
75 views
How to fix ERR_SSL_PROTOCOL_ERROR for only one specific site
Working on a site for a client, and for some reason I keep getting the "can't provide a secure connection" error in ALL browsers. Everyone outside me seems to see it fine. If I log in to my work ...
2
votes
0answers
570 views
"Safari can't establish a secure connection" and OmniFocus sync is broken
Symptoms
macOS 10.14.6, Safari 13.1, all updates applied.
Safari refuses to connect to some websites.
Safari Can't Open the Page [...] because Safari can't establish a secure connection to the ...
1
vote
1answer
57 views
Creating SHA-2 certificate using keychain assistant
I am trying to enable https on my localhost (for testing). Using Keychain Assistant, I have created both a self-signed CA and a certificate issued by that same CA. I have enabled trust on the CA in ...
1
vote
0answers
44 views
See letter below: IOS Distribution cert. revoked: What does this mean? I have an app developer developing this APP for me [duplicate]
Any input on the following: I have no idea if these means that we need to simply resubmit our APP, or our they denying our APP for any future development?
Dear Jane Doe,
You have revoked your ...
3
votes
3answers
407 views
Checking Certificates Meet Apple Requirements
is there a command or UI I can use to test certificates or diagnose why they aren't valid?
A while back Apple changed the requirements for TLS certificates, and announced dates from when those ...
1
vote
0answers
585 views
Installed Root Certificate does not appear in Certificate Trust Settings
I have an iPad Pro and an iPhone SE both running iOS 13.3.1
I successfully installed a root certificate on the iPad and was able to "Enable Full Trust for Root Certificates" from Settings/General/...
0
votes
1answer
3k views
Default macOS certificates not trusted and not verified by third party
When I start a new Mac OS system from scratch, inside the keychain application I notice there are 3 certificates that are not trusted or not verified yet. I know I can double click each one of them ...
0
votes
1answer
2k views
cannot sign iOS app in XCode - in a catch 22
I have built then Archived my iOS app now need to submit to Validate and push to app store
xcode says this on main page when checkmark off Automatic signing ... so do manual sign
then picked ...
0
votes
1answer
1k views
Not able to generate private.key file
I am developing MDM solution for that I need to create several certificates. For that I have following this document.
When I'm firing this command, I am getting this error.
openssl rsa -in key.pem -...
2
votes
1answer
164 views
Why are these corporate certificates pre-installed and is it safe to delete/"Never Trust" most/all of them?
I was going through this macOS Security and Privacy Guide repo, step by step, and found some good privacy tips. However, when I arrived at the Certificate Authorities section I got a little confused. ...
4
votes
1answer
67 views
How to access a website despite a certificate error?
I am moving a web server to a new infrastructure. Before switching the DNS records I would like to check if the new configuration is working. I modified /private/etc/hosts/ with the IP addresses (IPv4 ...
3
votes
1answer
2k views
How do I remove a certificate from Certificate Trust Settings if the profile doesn't exist?
If I go to Settings > General > About > Certificate Trust Settings... I see several profiles installed under the "ENABLE FULL TRUST FOR ROOT CERTIFICATES" heading.
There is a way to toggle them off, ...
2
votes
2answers
1k views
Signed pkg using productbuild --distribute but codesign says "code object is not signed at all"
I am signing my package during distribution using
SIGN_IDENTITY_INSTALLER="Developer ID Installer: Pxxxxxxx, LLC (AXXXXXXXXX)"
productbuild --distribution final-distribution.xml --package-path /tmp/...
1
vote
1answer
974 views
How to convert a .cer file to .p12 without the keychain password?
I have to "codesign" a distribution certificate inside a .ipa file to deploy an in-house application for a company.
I have access to their developer account. The new provisioning profile had been ...
2
votes
0answers
255 views
How to view expiration date of code signing cert?
I know pkgutil --check-signature and codesign -d -vvv but neither of them show the expiration date. Is there a way to view the expiration date of a code signing cert? Say for instance...macOS ...
0
votes
1answer
600 views
Execute App (Apps Authorization Revoked)
Hello there I am trying to start an app (downloaded from the Internet) on macOS Mojave 10.14.5 though when I double click I get the following pop up message:
“Ascabart” can’t be opened. You should ...
3
votes
2answers
347 views
How to see certificate for intermediate CA in Keychain?
When I check details of a certificate I only see information about the certificate itself. Is there any way to see the issuer’s certificate? In my case it’s an intermediate CA. The certificate that I ...
