NET::ERR_CERT_REVOKED in Chrome/Chromium, introduced with MacOS Catalina
A quick workaround (ensure you trust the site)
In the chrome browser whilst on the page, type:
- source https://podtech.com/os/mac-osx/chrome-catalina-certificate-issue/
Apple has introduced a series of new requirements for SSL certificates to be accepted by Catalina, documented at https://support.apple.com/en-us/HT210176. To summarize here:
- Key size must be at least 2048 bits.
- Hash algorithm must be SHA-2 or newer.
- DNS names must be in a SubjectAltName, not in the CN field only.
Moreover, for certificates issued after 2019-07-01:
- The ExtendedKeyUsage extension must be present, with the id-kp-ServerAuth OID.
- The validity period may not be longer than 825 days.
If you need a workaround to get the site working without replacing the certificate you can do the following.
- Download the certificate from the server (using another browser or with openssl)
- Install the certificate into Keychain Access under the login store
- Set the certificate to "always trust" by double clicking on it once it's been installed.