iOS 13 SSL ca certificate untrusted (self signed)

Morfio

Hello everybody,

I updated my iPad to iOS 13. Apple has new requirements for ssl certificates: https://support.apple.com/en-us/HT210176

I recreated my certificates like this:

certconfig.txt:

[ req ]
default_md = sha256
prompt = no
req_extensions = req_ext
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
commonName = ca.my.domain.tld
countryName = DE
stateOrProvinceName = NRW
localityName = Bonn
organizationName = My Company
organizationalUnitName = IT
emailAddress = info@myemail.tld
[ req_ext ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
extendedKeyUsage=serverAuth
subjectAltName = @alt_names
[ alt_names ]
DNS.0 = my.domain.tld

csrconfig.txt:

[ req ]
default_md = sha256
prompt = no
req_extensions = req_ext
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
commonName = ca.my.domain.tld
countryName = DE
stateOrProvinceName = NRW
localityName = Bonn
organizationName = My Company
organizationalUnitName = IT
emailAddress = info@myemail.tld
[ req_ext ]
extendedKeyUsage=serverAuth
subjectAltName = @alt_names
[ alt_names ]
DNS.0 = my.domain.tld

Create certificate:

# openssl genpkey -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out ca.key
# openssl req -new -nodes -key ca.key -config csrconfig.txt -out ca.csr
# openssl req -x509 -nodes -in ca.csr -days 365 -key ca.key -config certconfig.txt -extensions req_ext -out ca.crt

After connecting to the server with this certificate, I get the following error:

"The root CA certificate is not trusted for this purpose"

The QSslError is QSslError::CertificateUntrusted (17).

Has anybody an idea what I'm doing wrong?

Sorry about my bad English.

Thank you all

Morfio

I'm sorry, it works perfectly, I used the wrong (old) certificate in my configuration file :'(

Pablo J. Rogina

@Morfio said in iOS 13 SSL ca certificate untrusted (self signed):

it works perfectly,

so mark your post as solved please! Thanks.