0

I generated ssl certificates for (Nifi Registry https://nifi.apache.org/registry.html) I installed them in Windows.. it worked and i get a prompt to select certificate when i open the website https://

Now, when i install them in Mac, first it wont work out of box. Mac says unsupported format. After some googling, someone suggested to change the format from p12 to cer. I followed this (https://apple.stackexchange.com/questions/446790/mac-import-p12-certificate-into-the-keychain-via-command-line) answer and converted to .cer format with .cer format it got added to keychain (I can see it in keychains of mac)

but still when i access my webpage, it says localhost didn’t accept your login certificate, or one may not have been provided. ERR_BAD_SSL_CLIENT_AUTH_CERT

So i think, Mac is somehow not able to process the certificate.

Is there a way that i can add this .p12 certificate correctly to mac and make my website work ?

Please help or suggest.

santhosh
  • 439
  • 8
  • 17
  • You need the certificate and its corresponding private key for client authentication, which is why you started with a PKCS#12 file. The linked instructions only import the certificate (in PEM format) which is why that process doesn't work for client authentication. I haven't got a Mac, since I spilt a hot drink over it (best thing I did!), so can't help you with how to fix this. However, after some Googling I did read that PKCS#12 files generated with OpenSSL 3 don't play well with Apple devices. – garethTheRed Jun 28 '23 at 05:22
  • Thanks @garethTheRed for your comment. Yes no matter how many times i import the certificate (in .pem or .cer format by converting) and can see it succesfully in keychain, The browser never prompts me for selecting this certificate. So finally I gave up and now I am using a Windows machine to visit UI (which works perfectly fine). But I still wait If someone has a solution for this issue on Mac.. – santhosh Jun 28 '23 at 18:02

0 Answers0