Bypass for the certificate must be valid for 825 days or fewer
Is there a way to workaround issue with certs valid for long time (10 years)? I work in a corporation where Macs are not common and we have some internal long live certificates.
I know I can add single cert to trusted but any option to make Mac to trust all internal certs?
Is there a way to workaround issue with certs valid for long time (10 years)?
There's no client side workaround to simply ignore or bypass invalid certificates. You have 3 options:
- import the certificate manually into Keychain Access and/or your browsers
- batch import the certificates provided by your IT department
- IT should stand up their own CA server that complies with the new standard of 13 month validity.
Further Reading
- Setting Up Certificate Authorities (CAs) in Firefox
- Add certificates to a keychain using Keychain Access on Mac
- Import and export keychain items using Keychain Access on Mac
- Set up TLS (or SSL) inspection on Chrome devices
Summary
Basically, to avoid having to accept each individual certificate, your IT department will need to supply you with your applicable certificates for the internal sites, servers, and everything else you need to connect to so that you can add them to your browsers and/or key chain. It would be less intrusive if they stood up their own CA server, but if they have self signed certs for all of the internal services, they would need to distribute them to everyone so they could be added in one single go.
A quick workaround of you are using Google Chrome is to use the bypass word "thisisunsafe":
- Go to the (trusted) page
- Once you get to the message that says "Your connection is not private" click anywhere on the page
- Type: thisisunsafe
This will add your page to a whitelist of the browser and instantly bypass the warning. Don't do this on sites you don't trust.