macOS Catalina Certificate Errors


#1

macOS Catalina will reject any certificate with a validity period of longer than 825 days. The default self-signed certificates generated by Replicated for the console have a validity of 100 years. This prevents users from connecting to the Replicated console from their laptops.

You can generate and upload a certificate with a validity of 825 days using a script like this:

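#!/bin/bash
set -euo pipefail

# Edit these three values to match your installation.
hostname=10.128.0.110
cert=/var/lib/replicated/secrets/pkix-10.128.0.110.host.crt
key=/var/lib/replicated/secrets/pkix-10.128.0.110.host.key

# Build a CSR from the existing certificate and its private key.
openssl x509 -x509toreq -in "$cert" -out CSR.csr -signkey "$key"

# Sign the CSR with the CA in /var/lib/replicated/secrets, valid for 825 days.
openssl x509 -req -days 825 -in CSR.csr -CA /var/lib/replicated/secrets/ca.crt -CAkey /var/lib/replicated/secrets/ca.key -CAcreateserial -out cert.crt

# Set the new certificate for the console, then restart the services.
replicated console cert set "$hostname" "$key" "${PWD}/cert.crt"

systemctl restart replicated replicated-ui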

Edit the hostname, cert, and key params to match the values of your installation and then run the script as root.
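
To confirm that a certificate is within the 825-day limit before or after uploading it, a check like the following can be used. This is an added example, not part of the original post: the function names are hypothetical, the sample dates are constructed, and it assumes GNU date and the openssl CLI on the host.

```shell
#!/bin/sh
# Added example: check a certificate's validity period against the 825-day limit.
# Assumes GNU date (for -d), as found on a typical Linux host.
set -eu

MAX_DAYS=825

# validity_days "<output of: openssl x509 -noout -dates>"
# Prints the validity period in days, rounding any partial day up.
validity_days() {
  vd_start=$(printf '%s\n' "$1" | sed -n 's/^notBefore=//p')
  vd_end=$(printf '%s\n' "$1" | sed -n 's/^notAfter=//p')
  [ -n "$vd_start" ] && [ -n "$vd_end" ] || return 2
  vd_s=$(date -u -d "$vd_start" +%s) || return 2
  vd_e=$(date -u -d "$vd_end" +%s) || return 2
  echo $(( (vd_e - vd_s + 86399) / 86400 ))
}

# check_dates "<dates>": returns 0 within the limit, 1 over it, 2 if unparsable.
check_dates() {
  cd_days=$(validity_days "$1") || return 2
  if [ "$cd_days" -le "$MAX_DAYS" ]; then
    echo "OK: valid for $cd_days days"
  else
    echo "TOO LONG: valid for $cd_days days (limit $MAX_DAYS)"
    return 1
  fi
}

# check_cert <file>: same check on a PEM certificate file.
check_cert() {
  cc_dates=$(openssl x509 -noout -dates -in "$1") || return 2
  check_dates "$cc_dates"
}

# Constructed sample dates (not taken from a real certificate).
SAMPLE_825='notBefore=Jan  1 00:00:00 2024 GMT
notAfter=Apr  5 00:00:00 2026 GMT'
SAMPLE_100Y='notBefore=Jan  1 00:00:00 2024 GMT
notAfter=Jan  1 00:00:00 2124 GMT'

# With a file argument, check that certificate, e.g. ./check.sh cert.crt
if [ "$#" -gt 0 ]; then
  check_cert "$1"
fi
```

Run against the existing pkix-*.host.crt, it reports the 100-year default as too long; run against the new cert.crt, it should report 825 days.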