Matt,

Thanks kindly for your prompt reply. For some reason the forums had defaulted to Notifications "On", but all of the checkboxes -- including email -- were unticked, so I was never notified of a response.

Both of your replies are very helpful.

> "This shorten validity period only affects certificates created with a root that already exists in the trust store of the device. If you have an enterprise root that is added to your device via MDM or for user testing, you will not be affected. The policy applies if the server’s certificate relies on a chain of trust that ends in the CA root that’s built in to the OS trust store."

We add the cert as part of our .pkg installer to allow a successful SSL connection back to our app from the browser. So although it doesn't "ship with the device" it is added to the System Keychain on install (or via profile on mobile), removed on uninstall.

We've baked in our own renewal process (we use Jetty, which offers fantastic live cert replacement support) but we've noticed in previous iterations of shorter cert lengths, the entire OS would enforce this policy.

For those reasons, we're trying to decide if:

We just shorten the length for all certs in anticipation of something like Ballot 193 happening again (but for this newer, shorter span)

-- OR --

We just stay within the current 825 day requirement.

If our System cert will continue to work for 825 days after this change without unintended side-effects we'll keep that standard. (We understand certs installed before this time will continue working, but our certs are part of our installation process, so we'd like to avoid the influx).

> "In regards to testing with Safari, I would keep an eye on the Safari Technology Preview release notes as the September 1st deadline starts getting closer."

Ok, I'm linking the actual release notes for others: https://developer.apple.com/safari/technology-preview/release-notes/

Is it safe to say that this change will be spelled out in the release notes for the version which includes it? If not, is there a support path to obtain this information from Apple?