Ask questions"Certificate not standards compliant" on macOS Catalina, iOS 13

Certificates generated after July 1st, 2019 by versions of mkcert prior to v1.4.0 will not work on macOS 10.15 Catalina and iOS 13. Please update mkcert and regenerate the affected certificates.

The root CA is unaffected and there is no need to rerun mkcert -install.

— @FiloSottile

Under MacOS Catalina Public Beta 2, after installing mkcert via Homebrew and running the root certificate installer, my mkcert generated certificates are rejected in Safari with the message 'Certificate is not standards compliant' and in Chrome with 'ERR_CERT_REVOKED'.


Answer questions FiloSottile

Had to kick macOS to get it to download Catalina, but I managed to test this.

The fix works correctly. Here's a before and after.

Screen Shot 2019-08-16 at 2 36 17 AM

Screen Shot 2019-08-16 at 2 41 42 AM

I'll make a release tomorrow.

(What didn't work is brew install mkcert --HEAD because Homebrew regrettably removed that very useful feature from its core packages. I will maintain a formula in this repo for these cases.)

Filippo Valsorda FiloSottile @Google, Go team Manhattan, NYC Cryptogopher. Go security lead. @recursecenter alum. RC F'13, F2'17.
Github User Rank List