Archive
Slides from the “MDM: From “Nice to Have” To Necessity” session at MacDeployment 2019
For those who wanted a copy of my MDM talk at the MacDeployment 2019 conference, here are links to the slides in PDF and Keynote format.
PDF – https://tinyurl.com/MacDeploy2019PDF
Keynote – https://tinyurl.com/MacDeploy2019Keynote
New TLS security requirements for iOS 13 and macOS Catalina 10.15
As part of the information published at WWDC 2019 by Apple, the following KBase article has been released:
Requirements for trusted certificates in iOS 13 and macOS 10.15: https://support.apple.com/HT210176
This KBase article describes how Apple is implementing new security requirements for TLS server certificates. Servers use these certificates to encrypt their communication with Apple devices, so that all traffic between the servers and those devices is protected. All TLS server certificates must meet the following requirements:
- Certificate key sizes must be 2048-bit or greater
- SHA-2 must be used for the certificate signing
- DNS hostname of the server must be listed in a Subject Alternative Name (SAN) certificate extension in addition to being listed in the Common Name field of the certificate.
Also, all TLS certificates issued after July 1, 2019 must meet these additional requirements:
- Must be valid for 825 days (27 months) or less
- Must contain the following Object Identifier in the ExtendedKeyUsage extension: id-kp-serverAuth
What happens if you use iOS 13 or macOS Catalina to try to connect to servers with TLS certificates which don’t meet these standards? The connection will fail because the OS will reject the certificate as being invalid. This may result in a web browser not connecting, an app crashing or some other undesired behavior.
As part of testing iOS 13 and macOS 10.15 ahead of their release dates, I strongly recommend testing the various services used at your workplace to make sure that the TLS certificates used by the services of your company, school or institution are able to pass these requirements. Otherwise, you may find some unfortunate surprises on Release Day this fall.
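One way to run such a test, added here as an example and not taken from the original post or Apple's article: a checker for the five requirements listed above, written against the Python `cryptography` package. The function names, failure labels and the self-signed sample certificate are constructed for illustration; the Common Name check is left out, and applying the key-size rule to RSA keys only is an assumption.

```python
from datetime import datetime, timedelta
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID

CUTOFF = datetime(2019, 7, 1)  # the additional rules apply to certificates issued after this

def _when(cert, attr):  # naive-UTC validity date on old and new 'cryptography' releases
    v = getattr(cert, attr + "_utc", None)
    return v.replace(tzinfo=None) if v else getattr(cert, attr)

def _ext(cert, cls):  # extension value, or None when the certificate lacks it
    try:
        return cert.extensions.get_extension_for_class(cls).value
    except x509.ExtensionNotFound:
        return None

def _matches(pattern, host):  # exact match, or "*" standing in for the leftmost label
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and p[1:] == h[1:] and p[0] in ("*", h[0])

def check_cert(cert, hostname):
    """Return the labels of the requirements listed above that the certificate fails."""
    key, algo = cert.public_key(), cert.signature_hash_algorithm
    san, eku = _ext(cert, x509.SubjectAlternativeName), _ext(cert, x509.ExtendedKeyUsage)
    names = san.get_values_for_type(x509.DNSName) if san else []
    start, end = _when(cert, "not_valid_before"), _when(cert, "not_valid_after")
    ok = {
        # Assumption: the 2048-bit floor is applied to RSA keys only.
        "key-size": not isinstance(key, rsa.RSAPublicKey) or key.key_size >= 2048,
        "sha2": algo is not None and algo.name in ("sha224", "sha256", "sha384", "sha512"),
        "san": any(_matches(n, hostname) for n in names),
    }
    if start > CUTOFF:  # issued after July 1, 2019: the two additional requirements
        ok["validity"] = end - start <= timedelta(days=825)
        ok["eku"] = eku is not None and ExtendedKeyUsageOID.SERVER_AUTH in eku
    return [label for label, passed in ok.items() if not passed]

def sample_cert(host, days, san=True, eku=True, start=datetime(2019, 8, 1)):
    """Constructed self-signed certificate used only as test input."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, host)])
    b = x509.CertificateBuilder().subject_name(name).issuer_name(name)
    b = b.public_key(key.public_key()).serial_number(x509.random_serial_number())
    b = b.not_valid_before(start).not_valid_after(start + timedelta(days=days))
    for on, ext in ((san, x509.SubjectAlternativeName([x509.DNSName(host)])),
                    (eku, x509.ExtendedKeyUsage([ExtendedKeyUsageOID.SERVER_AUTH]))):
        b = b.add_extension(ext, critical=False) if on else b
    return b.sign(key, hashes.SHA256())
```

To check a live service, load its leaf certificate with `x509.load_pem_x509_certificate(ssl.get_server_certificate((host, 443)).encode())` and pass it to `check_cert`; intermediate and root certificates are not examined by this sketch.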
WWDC 2019 notes
This week, I’m out in San Jose, California as an attendee of Apple’s WWDC 2019 conference. As part of this, I’m taking notes during the labs and sessions. Due to wanting to stay on the right side of Apple’s NDA, I’ve been posting my notes to Apple’s developer forums rather than to here.
To make it easier for Mac admins to access them, I’ve set up a post in the forums where I’m linking the various forum posts with my notes. It’s available via the link below: