Skip to main content

iOS 12 / macOS 10.14+ and self-signed certificates

Starting with iOS 12 and macOS 10.14, Apple rejected server certificates that use RSA keys smaller than 2048 bits. In FileWave environments, this most often affects older self-signed certificates, especially on servers originally set up before FileWave 9.0.

If your FileWave server uses a trusted CA-issued certificate, or a self-signed certificate generated by FileWave 9.0 or later, you are typically already meeting this specific 2048-bit key-size requirement.

How to check the certificate RSA key size

macOS, Linux:

openssl x509 -in /usr/local/filewave/certs/server.crt -text -noout | grep Public-Key

Windows:

C:\OpenSSL-Win64\bin\openssl.exe x509 -in C:\ProgramData\FileWave\FWServer\certs\server.crt -text -noout | FINDSTR Public-Key

Windows does not include OpenSSL by default, so you may need to install it first. One common source is Win32/Win64 OpenSSL.

The best long-term fix is to use a root-trusted certificate from a Certificate Authority. If you already have a wildcard certificate, you may be able to use that for your FileWave server. For more guidance, see Root Trusted SSL Certificate (Using and Renewing).

If you must stay self-signed

Renew the certificate with a 2048-bit RSA key or larger, then make sure devices trust the new certificate before you switch the server to it. The safest order is:

  • Create the new key and certificate.
  • Deploy the new certificate to devices so it is trusted before the cutover.
  • Switch the FileWave server to the new certificate after the trust profile is in place.
  • Recreate Automated Device Enrollment (ADE/DEP) profiles and associations if your workflow requires it.

For the detailed renewal steps, see Renew FileWave Server Self-signed Certificate. If you are specifically working through iOS trust behavior for self-signed certificates, Renew MDM self signed SSL certificate with iOS devices is also useful.

If devices have already upgraded and no longer trust the old certificate, recovery may require manually installing and trusting the new certificate until normal communication is restored.

Newer Apple releases introduced additional certificate requirements beyond key size. If you are troubleshooting iOS 13, macOS 10.15, or later, also review SSL Server Certificates - iOS 13 and macOS 10.15.

Related Content

No comments to display

Back to top