Latest Mac OS does not accept SafeSquid-SWG Root CA Certificate. Is there a problem in SafeSquid's CA Certificate?

Posted: Wed Aug 28, 2019 11:57 am
by aashish97
Hello All,
I have encountered a few scenarios where we were not able to install SafeSquid's Root CA Certificate in Mac OS.
It was tough to understand why we were not able to trust SafeSquid's Root CA in the Mac OS Key Store [KeyChain].
A few investigations:
I did a lot of research on how we can install SafeSquid’s Root CA Certificate on Mac OS,
but nothing worked for me.
I thought maybe something else was broken in MacOS, so I tried installing Fiddler’s Root CA Certificate in the Mac OS KeyChain [Password Manager].
And bang, it worked.
So this indicated there is some problem with SafeSquid’s Root CA Certificate.
After digging around, I found a few pieces of information:
• Public key Size in the Certificate
• Hashing Algorithm Used

A few POC screenshots are listed below.
[Screenshot: image.png]
[Screenshot: image.png]


Both screenshots clearly tell you more about the Public Key Size:
why you should not use a Key Size of less than 2048 bits in length.

When I opened up the Fiddler Root CA Certificate, the details clearly showed that it uses Key Size 2048.
Screenshot:
[Screenshot: image.png]

Posted: Wed Aug 28, 2019 2:15 pm
by aashish97
And when I opened up the
SafeSquid Root CA Certificate: the Key Size is 1024 bits.
Screenshot:
[Screenshot: image.png]

And in the Apple documentation, Apple clearly mentions that it will discard certificates using a Key Size of less than 2048 bits.
This explains why we were not able to install SafeSquid’s Root CA Certificate on Mac OS [10.12] and later.
Which brings us to the conclusion that Key Size is the factor why SafeSquid's Root CA Certificate is not getting installed on Mac OS.


Currently SafeSquid generates all its CA Root Certificates using RSA Key Size: 1024 bits,
which is okay for the Windows Certificate Store and the Firefox Store.
As per the Mac OS documentation, the Apple Password Manager [KeyChain] just discards certificates having a Public Key Size of less than 2048.
In the future, it will be fixed with a stronger Key Size & Signature Algorithm.
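
The key-size check described in this thread can be scripted with the `openssl` command line. This is an added example, not part of the original posts and not SafeSquid's own tooling; the function names and the throwaway self-signed test CA are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report the RSA key size and signature algorithm of a CA
# certificate and flag keys below a minimum (default 2048 bits, the size
# the thread says the macOS KeyChain requires).

# Print the public key size in bits of a PEM certificate.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Print the certificate's signature algorithm, e.g. sha256WithRSAEncryption.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Return 0 if the key has at least min_bits (default 2048), 1 if it is
# smaller, 2 if the key size could not be read.
check_ca_cert() {
    cert=$1
    min=${2:-2048}
    bits=$(cert_key_bits "$cert")
    [ -n "$bits" ] || { echo "$cert: could not read key size" >&2; return 2; }
    echo "$cert: $bits-bit key, signed with $(cert_sig_alg "$cert")"
    [ "$bits" -ge "$min" ]
}

# Constructed sample input: a throwaway self-signed CA with the given RSA
# key size, written to <prefix>.key and <prefix>.pem.
make_test_ca() {
    openssl req -x509 -newkey "rsa:$1" -nodes -sha256 -days 1 \
        -subj "/CN=Constructed Test CA $1" \
        -keyout "$2.key" -out "$2.pem" 2>/dev/null
}
```

Run `check_ca_cert` against the exported proxy root certificate before importing it into a client trust store; a non-zero exit status means the key is below the minimum or could not be read.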