Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Get Qt Extensions
  • Unsolved
Collapse
Brand Logo
  1. Home
  2. Qt Development
  3. General and Desktop
  4. iOS 13 SSL ca certificate untrusted (self signed)
Forum Updated to NodeBB v4.3 + New Features

iOS 13 SSL ca certificate untrusted (self signed)

Scheduled Pinned Locked Moved Solved General and Desktop
3 Posts 2 Posters 1.0k Views 2 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M Offline
    M Offline
    Morfio
    wrote on last edited by
    #1

    Hello everybody,

    I updated my iPad to iOS 13. Apple has new requirements for ssl certificates: https://support.apple.com/en-us/HT210176

    I recreated my certificates like this:

    certconfig.txt:

    [ req ]
    default_md = sha256
    prompt = no
    req_extensions = req_ext
    distinguished_name = req_distinguished_name
    [ req_distinguished_name ]
    commonName = ca.my.domain.tld
    countryName = DE
    stateOrProvinceName = NRW
    localityName = Bonn
    organizationName = My Company
    organizationalUnitName = IT
    emailAddress = info@myemail.tld
    [ req_ext ]
    subjectKeyIdentifier = hash
    authorityKeyIdentifier = keyid:always,issuer
    extendedKeyUsage=serverAuth
    subjectAltName = @alt_names
    [ alt_names ]
    DNS.0 = my.domain.tld
    

    csrconfig.txt:

    [ req ]
    default_md = sha256
    prompt = no
    req_extensions = req_ext
    distinguished_name = req_distinguished_name
    [ req_distinguished_name ]
    commonName = ca.my.domain.tld
    countryName = DE
    stateOrProvinceName = NRW
    localityName = Bonn
    organizationName = My Company
    organizationalUnitName = IT
    emailAddress = info@myemail.tld
    [ req_ext ]
    extendedKeyUsage=serverAuth
    subjectAltName = @alt_names
    [ alt_names ]
    DNS.0 = my.domain.tld
    

    Create certificate:

    # openssl genpkey -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out ca.key
    # openssl req -new -nodes -key ca.key -config csrconfig.txt -out ca.csr
    # openssl req -x509 -nodes -in ca.csr -days 365 -key ca.key -config certconfig.txt -extensions req_ext -out ca.crt
    

    After connecting to the server with this certificate, I get the following error:

    "The root CA certificate is not trusted for this purpose"

    The QSslError is QSslError::CertificateUntrusted (17).

    Has anybody an idea what I'm doing wrong?

    Sorry about my bad English.

    Thank you all

    1 Reply Last reply
    0
    • M Offline
      M Offline
      Morfio
      wrote on last edited by
      #2

      I'm sorry, it works perfectly, I used the wrong (old) certificate in my configuration file :'(

      Pablo J. RoginaP 1 Reply Last reply
      1
      • M Morfio

        I'm sorry, it works perfectly, I used the wrong (old) certificate in my configuration file :'(

        Pablo J. RoginaP Offline
        Pablo J. RoginaP Offline
        Pablo J. Rogina
        wrote on last edited by
        #3

        @Morfio said in iOS 13 SSL ca certificate untrusted (self signed):

        it works perfectly,

        so mark your post as solved please! Thanks.

        Upvote the answer(s) that helped you solve the issue
        Use "Topic Tools" button to mark your post as Solved
        Add screenshots via postimage.org
        Don't ask support requests via chat/PM. Please use the forum so others can benefit from the solution in the future

        1 Reply Last reply
        0

        • Login

        • Login or register to search.
        • First post
          Last post
        0
        • Categories
        • Recent
        • Tags
        • Popular
        • Users
        • Groups
        • Search
        • Get Qt Extensions
        • Unsolved