cdetar
November 7, 2019, 4:55pm
1
Apple just published requirements for certificates to be trusted in iOS 13 and macOS 10.15: https://support.apple.com/en-us/HT210176
Do LetsEncrypt certs meet these requirements now?
Most of the requirements seem pretty straight-forward; the one I’m unsure of is the requirement concerning ExtendedKeyUsage (EKU) extensions.
1 Like
cpu
November 7, 2019, 5:01pm
2
Hi @cdetar , thanks for the question.
Yes, they do
Let's Encrypt certificates meet this requirement as well. Here's a proof by example using OpenSSL's (gnarly) command line to show the EKUs of the letsencrypt.org
certificate issued by Let's Encrypt:
$> openssl s_client -connect letsencrypt.org:443 -servername letsencrypt.org 2>/dev/null </dev/null | openssl x509 -noout -text | grep -A1 "Extended Key Usage"
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
The id-kp-serverAuth OID
Apple is looking for corresponds with the "TLS Web Server Authentication" usage in the OpenSSL output.
Hope that helps!
8 Likes
system
Closed
December 7, 2019, 5:01pm
3
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.