NET::ERR_CERT_REVOKED in Chrome/Chromium, introduced with MacOS Catalina

A quick workaround (ensure you trust the site)

In the chrome browser whilst on the page, type:

  • source

Apple has introduced a series of new requirements for SSL certificates to be accepted by Catalina, documented at To summarize here:

  • Key size must be at least 2048 bits.
  • Hash algorithm must be SHA-2 or newer.
  • DNS names must be in a SubjectAltName, not in the CN field only.

Moreover, for certificates issued after 2019-07-01:

  • The ExtendedKeyUsage extension must be present, with the id-kp-ServerAuth OID.
  • The validity period may not be longer than 825 days.

If you need a workaround to get the site working without replacing the certificate you can do the following.

  1. Download the certificate from the server (using another browser or with openssl)
  2. Install the certificate into Keychain Access under the login store
  3. Set the certificate to "always trust" by double clicking on it once it's been installed.