Important: Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

iOS 13 SSL ca certificate untrusted (self signed)



  • Hello everybody,

    I updated my iPad to iOS 13. Apple has new requirements for ssl certificates: https://support.apple.com/en-us/HT210176

    I recreated my certificates like this:

    certconfig.txt:

    [ req ]
    default_md = sha256
    prompt = no
    req_extensions = req_ext
    distinguished_name = req_distinguished_name
    [ req_distinguished_name ]
    commonName = ca.my.domain.tld
    countryName = DE
    stateOrProvinceName = NRW
    localityName = Bonn
    organizationName = My Company
    organizationalUnitName = IT
    emailAddress = info@myemail.tld
    [ req_ext ]
    subjectKeyIdentifier = hash
    authorityKeyIdentifier = keyid:always,issuer
    extendedKeyUsage=serverAuth
    subjectAltName = @alt_names
    [ alt_names ]
    DNS.0 = my.domain.tld
    

    csrconfig.txt:

    [ req ]
    default_md = sha256
    prompt = no
    req_extensions = req_ext
    distinguished_name = req_distinguished_name
    [ req_distinguished_name ]
    commonName = ca.my.domain.tld
    countryName = DE
    stateOrProvinceName = NRW
    localityName = Bonn
    organizationName = My Company
    organizationalUnitName = IT
    emailAddress = info@myemail.tld
    [ req_ext ]
    extendedKeyUsage=serverAuth
    subjectAltName = @alt_names
    [ alt_names ]
    DNS.0 = my.domain.tld
    

    Create certificate:

    # openssl genpkey -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out ca.key
    # openssl req -new -nodes -key ca.key -config csrconfig.txt -out ca.csr
    # openssl req -x509 -nodes -in ca.csr -days 365 -key ca.key -config certconfig.txt -extensions req_ext -out ca.crt
    

    After connecting to the server with this certificate, I get the following error:

    "The root CA certificate is not trusted for this purpose"

    The QSslError is QSslError::CertificateUntrusted (17).

    Has anybody an idea what I'm doing wrong?

    Sorry about my bad English.

    Thank you all



  • I'm sorry, it works perfectly, I used the wrong (old) certificate in my configuration file :'(



  • @Morfio said in iOS 13 SSL ca certificate untrusted (self signed):

    it works perfectly,

    so mark your post as solved please! Thanks.


Log in to reply