Hi,
i am not able to activate HTTPS support, because your certificate is not valid for Mac Os Catalina and IOS 13.
Installed like shown, Error message when testing: "Certificate may not have been installed"
I have tested the procedure on a different Mac with Mojave, it works there.
Any help
regards
Ulmisch
Same difficulty for iOS. Downloaded and installed Configuration Profile ‘eBlocker - RobBlocker - 2019/08/25’ and set it as trustworthy. Apparently not accepted.
After further tests i can confirm:
certificates work:
Mac OS up to Mojave, not with Catalina
IOS up to version 12.x., not with version 13.x.
Apparently Apple changed something within the new versions.
I think we will need updated certificates to get them work.
Hopefully they will be delivered shortly....
regards
Ulmisch
Apple has changed the minimal requirements for certificates to Hash-Algrrithm from SHA-2-family.
The curent certificate seems to be sha-1.
Currently I can find no workarounds.
with 2 Macs Catalina and iPhone iOS13.
I tested on iOS 13 and the problem was not the root certificate but eBlocker's server certificate. The TLS filtering worked but the controlbar could not be loaded from the eBlocker itself.
According to the new requirements that stw56132 found:
TLS server certificates must have a validity period of 825 days or fewer (as expressed in the NotBefore and NotAfter fields of the certificate).
Currently, eBlocker's server certificate has a validity of 3 years (1095 days) if the root certificate has the same validity period.
Workaround: create new root certificate with 2 years. Then eBlocker creates a new server certificate with the same validity period.
Who will change this?
Certificate on my iPad now runs from 25-08-2019 to 25-08-2022 (3 years), but period can’t be changed in Settings/General/Profile/eBlocker/Details/
Best wishes for 2020. Rob
You would have to create a new root certificate:
- Go to Settings / HTTPS / Certificate
- Click RENEW NOW
- In the SETTINGS tab, select Months valid: 24
- Click GENERATE CERTIFICATE
The new root certificate must be installed in all clients.
Followed instructions, rebooted iPad and iPhone, worked on both! Thank you Boris.
You would have to create a new root certificate:
- Go to Settings / HTTPS / Certificate
- Click RENEW NOW
- In the SETTINGS tab, select Months valid: 24
- Click GENERATE CERTIFICATE
The new root certificate must be installed in all clients.
This worked for me! Thank you.
Hello,
I also followed the instructions on my imac (OS X 10.15.3). But there is an error Code: -25294.
So I´m not able to import the certificate. What can I do?
Hello,
I can't find this error code!!!
Is this when will it appear?
regards
PIO
Please attach screenshots, from what you are doing and when the error appears. Without that, it is nearly impossible to help 🙂
Kind regards
Sven
In the "eblocker 2" GUI I klicked to certificate "download".
Then it was downloaded in my downloadfolder. Then I opend the keychain Access, gone to keyrings "System" and category "certificates". Then I klicked to "import object" and tried to import the downloaded certificate. Then there is the error code. Here is the Screenshot of the error code:error code -25294
Can you post your eblocker "License" and "Update" Screen and also your "HTTPS certificate".
I am also not able to find any website with Mac certificate errors which could help.
best regards
Sven
Found a website with the errorcode and "Schlüsselbund" issues, but the outgoing link to the apple discussion forum is not working.
It is an issue with the keyring store, could not been read or add anything.
https://www.mactechnews.de/forum/discussion/Schluesselbund-234657.html
and the not working link
http://discussions.info.apple.com/WebX?50 @215.wy7daldmkji.2@.599ba1e8
cheers
Sven
And here is a link to the german apple forum with some troubleshooting tips for the keychain
https://communities.apple.com/de/thread/200009033?answerId=200086606622#200086606622
and here some more
https://communities.apple.com/de/search?q=schlüsselbund%2025294&page=1&content=filterDiscussions
Try to backup/export the keystore and delete it afterwards.
Then recreate it and try to import the certificate
Hope this helps
Screenshots from License and Update Screen and certificate
I also have another certificate with "*.cer" instead of "*.crt", but when I tried to make an upload there was a message that this is not possible at the moment.
I found two certificates in the keyrings but I'm not able to delete them and try it again. (see in keyrings.pdf)
No visible error in the attached screenshots..
So please go through the websites I posted, regarding the keyring issue in MacOS...
As I don't have an Mac, I am not able to check this issue any deeper as I've already done.
Good luck
Cheers
Sven
thank you for your help. I try to aks the apple support next week.
Cheers
You're welcome 🙂
Hello everybody,
today I did a clean install of eBlocker 2.4.5 for testing purpose. With MacOS Catalina (15.4) I had the same problem (though selecting 24 months); see attached hardcopy.
The solution is very simple: You may not import the certificate as described in the docs you must double click on the file. Then it gets automatically imported
Seems to me like a bug in the keychain import...
as described in the docs
Which docs are you referring too? (It‘s quite some docu chaos meanwhile. Sorry.)
Can you help with the update changes as I‘m on Windows...?
@Random Yes, of course I can help. I fond two sources for the "import" method: https://eblocker.github.io/help/en-us/360002344313.html and the built in wizard of eBlocker UI which shows me appropriate steps if the certificate is not found. By the way, I am sure this wizard is a great help for "normal" users. Congratulations!
Of course, I can't tell you if older MacOS versions were able to import the certificate by double click. Maybe I should try the import with more different preconditions?
I had also the problem with activating the HTTPS support on the dashboard, because the new 24 month certificate was not accepted. Please find enclosed a short note with a bunch of screenshots. I hope this may help although it's in German.
Apparently my pdf file (368KB) was not received by you. here's another try.
@adaeweritzt-online-de You can post screenshots and a deepl translation directly in the forum. PDF can not be indexed by our search function and German is discouraged as it discriminates non German speakers.
We‘d love to hear your experiences and would like to encourage you to post straight in the forum (not in external documents) - and in English only please.
THX!