MacOS – Creating SHA-2 certificate using keychain assistant

certificate keychain macos mojave ssl

I am trying to enable HTTPS on my localhost (for testing). Using Keychain Assistant, I have created both a self-signed CA and a certificate issued by that same CA. I have enabled trust on the CA in Keychain Assistant. I have placed the certificate files in my MAMP folder and have updated both the httpd.conf and httpd-ssl.conf files. When I access my local website using Safari, I get a message warning me that the certificate is not trusted and a link to instructions on how to trust the certificate via Keychain Assistant.

I thought the purpose of setting trust on the CA was to not need to explicitly trust the certificates it issues. I came across the following while trying to understand the issue.

Why does iOS 13 not trust my own Root CA?

It states that the hash must now be SHA-2 rather than SHA-1. When I review the certificate info, its fingerprint appears to be using SHA-1. I cannot figure out how to create an SHA-2 certificate using Keychain Assistant.

Can anyone tell me where this hidden capability lies? Or did Apple create a certificate requirement that its own tool cannot comply with?

Best Answer

Turns out this was just my misunderstanding of how to read the certificate info and the various SHA algorithms. I saw SHA-1 and SHA-256. I did not realize the latter was a SHA-2 variant. Apologies for any confusion this question may have caused.
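
As an added example (not part of the original question or answer), this shell script uses the `openssl` CLI to read a certificate's signature algorithm, classify its hash as SHA-1 or SHA-2, and print the SHA-1 and SHA-256 fingerprints, which are digests the viewer computes over the same certificate regardless of how it was signed. The function names and the throwaway `CN=localhost` certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: signature hash vs. fingerprints of one certificate.
set -eu

# Signature algorithm recorded inside the certificate by its issuer.
sig_alg() {
  openssl x509 -in "$1" -noout -text |
    awk -F': *' '/Signature Algorithm/ {print $2; exit}'
}

# Map the signature algorithm name to a hash family.
# SHA-224/256/384/512 are all members of the SHA-2 family.
hash_family() {
  case "$(sig_alg "$1" | tr 'A-Z' 'a-z')" in
    *sha224*|*sha256*|*sha384*|*sha512*) echo "SHA-2" ;;
    *sha1*)                              echo "SHA-1" ;;
    *)                                   echo "other" ;;
  esac
}

# Fingerprint: a digest of the whole DER-encoded certificate, computed by
# whoever displays it. $2 is the digest name (sha1, sha256).
fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint "-$2" | cut -d= -f2
}

# Constructed sample: a throwaway self-signed certificate signed with SHA-256.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
  -subj "/CN=localhost" \
  -keyout "$workdir/demo.key" -out "$workdir/demo.pem" 2>/dev/null

echo "Signature algorithm : $(sig_alg "$workdir/demo.pem")"
echo "Signature hash is   : $(hash_family "$workdir/demo.pem")"
echo "SHA-1 fingerprint   : $(fingerprint "$workdir/demo.pem" sha1)"
echo "SHA-256 fingerprint : $(fingerprint "$workdir/demo.pem" sha256)"
```

To check a certificate exported from the keychain, call `hash_family` on the exported PEM file; the value that matters for the SHA-2 requirement is the signature algorithm, not which fingerprints a viewer lists.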