[Solved] eOS 2.4.5: HTTPS certificate Mac OS Catalina and IOS 13 (solved in 2.5)

27 Posts
12 Users
4 Reactions
3,480 Views
(@ulmisch)
Member
Joined: 6 Jahren ago
Posts: 39
Topic starter  

Hi,

i am not able to activate HTTPS support, because your certificate is not valid for Mac Os Catalina and IOS 13.

Installed like shown, Error message when testing: "Certificate may not have been installed"

I have tested the procedure on a different Mac with Mojave, it works there.

Any help

regards

Ulmisch


   
ReplyQuote
(@Anonymous)
New Member Guest
Joined: 1 Sekunde ago
Posts: 0
 

Same difficulty for iOS. Downloaded and installed Configuration Profile ‘eBlocker - RobBlocker - 2019/08/25’ and set it as trustworthy. Apparently not accepted.


   
ReplyQuote
(@ulmisch)
Member
Joined: 6 Jahren ago
Posts: 39
Topic starter  

After further tests i can confirm:

certificates work:

Mac OS up to Mojave, not with Catalina 

IOS up to version 12.x., not with version 13.x.

Apparently Apple changed something within the new versions.

I think we will need updated certificates to get them work.

Hopefully they will be delivered shortly....

regards 

Ulmisch


   
ReplyQuote
(@stw56132)
New Member
Joined: 6 Jahren ago
Posts: 1
 

Apple has changed the minimal requirements for certificates to Hash-Algrrithm from SHA-2-family. 
The curent certificate seems to be sha-1. 
Currently I can find no workarounds. 

https://support.apple.com/en-us/HT210176  


   
ReplyQuote
(@dramagold)
New Member
Joined: 6 Jahren ago
Posts: 1
 

with 2 Macs Catalina and iPhone iOS13.


   
ReplyQuote
(@bpr)
Famed Member Admin
Joined: 6 Jahren ago
Posts: 308
 

I tested on iOS 13 and the problem was not the root certificate but eBlocker's server certificate. The TLS filtering worked but the controlbar could not be loaded from the eBlocker itself.

According to the new requirements that stw56132 found:

TLS server certificates must have a validity period of 825 days or fewer (as expressed in the NotBefore and NotAfter fields of the certificate).

Currently, eBlocker's server certificate has a validity of 3 years (1095 days) if the root certificate has the same validity period.

Workaround: create new root certificate with 2 years. Then eBlocker creates a new server certificate with the same validity period.


   
ReplyQuote
(@Anonymous)
New Member Guest
Joined: 1 Sekunde ago
Posts: 0
 

Who will change this?

Certificate on my iPad now runs from 25-08-2019 to 25-08-2022 (3 years), but period can’t be changed in Settings/General/Profile/eBlocker/Details/

Best wishes for 2020. Rob

 


   
ReplyQuote
(@bpr)
Famed Member Admin
Joined: 6 Jahren ago
Posts: 308
 

You would have to create a new root certificate:

  • Go to Settings / HTTPS / Certificate
  • Click RENEW NOW
  • In the SETTINGS tab, select Months valid: 24
  • Click GENERATE CERTIFICATE

The new root certificate must be installed in all clients.


   
ReplyQuote
(@Anonymous)
New Member Guest
Joined: 1 Sekunde ago
Posts: 0
 

Followed instructions, rebooted iPad and iPhone, worked on both! Thank you Boris.


   
ReplyQuote
(@robertocravallo)
Trusted Member
Joined: 5 Jahren ago
Posts: 62
 
Posted by: @bpr

You would have to create a new root certificate:

  • Go to Settings / HTTPS / Certificate
  • Click RENEW NOW
  • In the SETTINGS tab, select Months valid: 24
  • Click GENERATE CERTIFICATE

The new root certificate must be installed in all clients.

This worked for me! Thank you.


   
Random reacted
ReplyQuote
(@zwergkralle)
Trusted Member
Joined: 5 Jahren ago
Posts: 47
 

Hello,

I also followed the instructions on my imac (OS X 10.15.3). But there is an error Code: -25294.

So I´m not able to import the certificate. What can I do?


   
ReplyQuote
(@pio78)
Member
Joined: 6 Jahren ago
Posts: 329
 

Hello,

I can't find this error code!!!

Is this when will it appear?

regards

PIO


   
ReplyQuote
(@calimero)
Member
Joined: 5 Jahren ago
Posts: 527
 

@zwergkralle

Please attach screenshots, from what you are doing and when the error appears. Without that, it is nearly impossible to help 🙂

Kind regards
Sven


   
ReplyQuote
(@zwergkralle)
Trusted Member
Joined: 5 Jahren ago
Posts: 47
 

In the "eblocker 2" GUI I klicked to certificate "download".

Then it was downloaded in my downloadfolder. Then I opend the keychain Access, gone to keyrings "System" and category "certificates". Then I klicked to "import object" and tried to import the downloaded certificate. Then there is the error code. Here is the Screenshot of the error code:error code -25294


   
ReplyQuote
(@calimero)
Member
Joined: 5 Jahren ago
Posts: 527
 

Can you post your eblocker "License" and "Update" Screen and also your "HTTPS certificate".

I am also not able to find any website with Mac certificate errors which could help.

best regards
Sven


   
Random reacted
ReplyQuote
(@calimero)
Member
Joined: 5 Jahren ago
Posts: 527
 

Found a website with the errorcode and "Schlüsselbund" issues, but the outgoing link to the apple discussion forum is not working.

It is an issue with the keyring store, could not been read or add anything.

https://www.mactechnews.de/forum/discussion/Schluesselbund-234657.html

and the not working link
http://discussions.info.apple.com/WebX?50 @215.wy7daldmkji.2@.599ba1e8

cheers
Sven


   
ReplyQuote
(@calimero)
Member
Joined: 5 Jahren ago
Posts: 527
 

And here is a link to the german apple forum with some troubleshooting tips for the keychain

https://communities.apple.com/de/thread/200009033?answerId=200086606622#200086606622

and here some more
https://communities.apple.com/de/search?q=schlüsselbund%2025294&page=1&content=filterDiscussions

Try to backup/export the keystore and delete it afterwards.
Then recreate it and try to import the certificate

Hope this helps


   
ReplyQuote
(@zwergkralle)
Trusted Member
Joined: 5 Jahren ago
Posts: 47
 

@calimerO, @Pio78

Screenshots from License and Update Screen and certificate

Scrennshots

I also have another certificate with "*.cer" instead of "*.crt", but when I tried to make an upload there was a message that this is not possible at the moment.

I found two certificates in the keyrings but I'm not able to delete them and try it again. (see in keyrings.pdf)


   
ReplyQuote
(@calimero)
Member
Joined: 5 Jahren ago
Posts: 527
 

No visible error in the attached screenshots..
So please go through the websites I posted, regarding the keyring issue in MacOS...

As I don't have an Mac, I am not able to check this issue any deeper as I've already done.

Good luck
Cheers
Sven


   
ReplyQuote
(@zwergkralle)
Trusted Member
Joined: 5 Jahren ago
Posts: 47
 

@CalimerO

thank you for your help. I try to aks the apple support next week.

Cheers


   
CalimerO reacted
ReplyQuote
(@calimero)
Member
Joined: 5 Jahren ago
Posts: 527
 
Posted by: @zwergkralle

@CalimerO

thank you for your help. I try to aks the apple support next week.

Cheers

You're welcome 🙂


   
ReplyQuote
(@valentin)
Member
Joined: 6 Jahren ago
Posts: 118
 

Hello everybody,

today I did a clean install of eBlocker 2.4.5 for testing purpose. With MacOS Catalina (15.4) I had the same problem (though selecting 24 months); see attached hardcopy.

The solution is very simple: You may not import the certificate as described in the docs you must double click on the file. Then it gets automatically imported

Seems to me like a bug in the keychain import...

 Bildschirmfoto 2020 05 30 um 12.58.42

   
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 6 Jahren ago
Posts: 2073
 
Posted by: @valentin

as described in the docs

Which docs are you referring too? (It‘s quite some docu chaos meanwhile. Sorry.)

Can you help with the update changes as I‘m on Windows...?


   
ReplyQuote
(@valentin)
Member
Joined: 6 Jahren ago
Posts: 118
 

@Random Yes, of course I can help. I fond two sources for the "import" method: https://eblocker.github.io/help/en-us/360002344313.html and the built in wizard of eBlocker UI which shows me appropriate steps if the certificate is not found. By the way, I am sure this wizard is a great help for "normal" users. Congratulations!

Of course, I can't tell you if older MacOS versions were able to import the certificate by double click. Maybe I should try the import with more different preconditions?

 

 Bildschirmfoto 2020 05 30 um 19.40.33

   
ReplyQuote
(@adaeweritzt-online-de)
Active Member
Joined: 5 Jahren ago
Posts: 4
 

I had also the problem with activating the HTTPS support on the dashboard, because the new 24 month certificate was not accepted. Please find enclosed a short note with a bunch of screenshots. I hope this may help although it's in German. 


   
ReplyQuote
(@adaeweritzt-online-de)
Active Member
Joined: 5 Jahren ago
Posts: 4
 

Apparently my pdf file (368KB) was not received by you. here's another try.


   
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 6 Jahren ago
Posts: 2073
 

@adaeweritzt-online-de You can post screenshots and a deepl translation directly in the forum. PDF can not be indexed by our search function and German is discouraged as it discriminates non German speakers.

We‘d love to hear your experiences and would like to encourage you to post straight in the forum (not in external documents) - and in English only please.

THX!


   
ReplyQuote

Nach oben scrollen