![]() DNS names in the CommonName of a certificate are no longer trusted.Īdditionally, all TLS server certificates issued after J(as indicated in the NotBefore field of the certificate) must follow these guidelines: TLS server certificates must present the DNS name of the server in the Subject Alternative Name extension of the certificate.SHA-1 signed certificates are no longer trusted for TLS. TLS server certificates and issuing CAs must use a hash algorithm from the SHA-2 family in the signature algorithm.Certificates using RSA key sizes smaller than 2048 bits are no longer trusted for TLS. TLS server certificates and issuing CAs using RSA keys must use key sizes greater than or equal to 2048 bits. ![]() All TLS server certificates must comply with these new security requirements in iOS 13 and macOS 10.15:
0 Comments
Leave a Reply. |