I have not gotten past this. On Beta 5 today, still have the same issue, although my self signed sites do work in Safari. AT first I thought it might be related to this:
https://support.apple.com/en-us/HT210176
All TLS server certificates must comply with these new security requirements in iOS 13 and macOS 10.15:
- TLS server certificates and issuing CAs using RSA keys must use key sizes greater than or equal to 2048 bits. Certificates using RSA key sizes smaller than 2048 bits are no longer trusted for TLS.
- TLS server certificates and issuing CAs must use a hash algorithm from the SHA-2 family in the signature algorithm. SHA-1 signed certificates are no longer trusted for TLS.
- TLS server certificates must present the DNS name of the server in the Subject Alternative Name extension of the certificate. DNS names in the CommonName of a certificate are no longer trusted.
Additionally, all TLS server certificates issued after July 1, 2019 (as indicated in the NotBefore field of the certificate) must follow these guidelines:
- TLS server certificates must contain an ExtendedKeyUsage (EKU) extension containing the id-kp-serverAuth OID.
- TLS server certificates must have a validity period of 825 days or fewer (as expressed in the NotBefore and NotAfter fields of the certificate).
Connections to TLS servers violating these new requirements will fail and may cause network failures, apps to fail, and websites to not load in Safari in iOS 13 and macOS 10.15.
But the fact that they do work in Safari leads me to reason it is something else, possibly the length of the cert validity but that still makes no sense reading that Apple support. My self signed certs, are SHA-256, but they were created after 7/1/2019, and they have a validity of more than 825 days, 10yrs actually. For reference, the ones I am having issue with are Vmware Virtual Center self signed certs. If I go to a different Virtual Center with self signed certs issues before 7/1, it works in Chrome fine on Beta 5, but the validity dates are also longer than 825 days on those as well so that kind of makes me think it has something to do with the actual issue date but I don't know.