+7Hello, we have a root certification, since a few days I try to deploy it to a mac (At the moment I do it with a configuration profil) and change it then to "Trust Always".
How I can change the trust to "Trust Always"? Use all browser the keychain for the ssl certification? Because this certifcation are used on a website.
Many Thanks for help!
Christian
+4Another few bits - the certs are ECDSA (not RSA). I wonder if there’s some process that breaks if that’s the case.
+25@JamieG Have you tried one configuration profile with a single certificate payload for all certs? Have you verified that Keychain Access can import the cert files used to create your certificate payload?
+4Narrowing down on my issue - for some reason, our RootCA, is not recognised by macOS as a Root (e.g. the orange certificate), instead it's recognised as an Intermediate... (blue certificate)
I have no idea why this is happening, but that would make sense for the rest of the problems.
So what makes a root a root? It's seen as it's own issuer etc.. and we haven't seen any issues in our Microsoft AD world.
+25EDIT: Removed non-useful suggestion
+4Got to the bottom of the issue - turns out our RootCA was using specifiedECDSA which a lot of stuff doesnt like, changed it back to sha384ECDSA as it should have been (not the MIcrosoft frig on it)
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.