[Fed-Talk] Chrome 105 and Long validity certs rejected
[Fed-Talk] Chrome 105 and Long validity certs rejected
- Subject: [Fed-Talk] Chrome 105 and Long validity certs rejected
- From: Noam Bernstein via Fed-talk <email@hidden>
- Date: Mon, 12 Sep 2022 16:14:48 -0400
Does anyone have a clean solution to the fact that some government agencies
still insist on issuing TLS/SSL certificates with validity periods that are
beyond 398 days, and as of Chrome 105 there’s no way to export them (from
Chrome) to Keychain Access to change the trust settings?
Chrome used to let you, but they removed that in favor of their own
certificate viewer which has no export. You can still use Safari, but it’s
cumbersome if you usually use Chrome. In the long term Chrome is supposedly
migrating to their own cert store, not Keychain, like Mozilla, which will
presumably include trust settings separate from the keychain.
Any ideas for now? Trusting the CA certificate in keychain access isn’t
enough, despite the claim in some chromium discussions that the restriction
is only applied to public CAs, not private ones.
Noam
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden