Compatibility CAA - Mac Catalina - bug

 you said you couldn't copy the file over to Shared. Is there an error popping up? Have you tried copying it via Finder instead?

Sivu 

Yes, I tried manually. Same behaviour!

The same behaviour on 17.5 MR8

Regards

Looks like a regression from Apple - just like with iOS 13, will take a look at it asap. 

As Stuart mentioned, this is likely caused by changes Apple have made to the required certificate criteria when they authenticate certificates.

We are planning to update the generation of the default Appliance Certificate to meet these new criteria but were unable to get this done in time for this EAP release, unfortunately. We also expect to make this change in an upcoming MR for version 17.5.

In the meantime, to support users running Catalina or iOS13, you should look at using a certificate that is signed on a different system, which meets the criteria set out in the Apple article. You can create a CSR and the accompanying private key on the XG firewall, but the signing process, which will set the expiry date and the 'Purpose' fields, will need to be carried out on a system where you can ensure the right values are set. We'll investigate further and try to come up with some more specific instructions soon.

As Stuart mentioned, this is likely caused by changes Apple have made to the required certificate criteria when they authenticate certificates.

We are planning to update the generation of the default Appliance Certificate to meet these new criteria but were unable to get this done in time for this EAP release, unfortunately. We also expect to make this change in an upcoming MR for version 17.5.

In the meantime, to support users running Catalina or iOS13, you should look at using a certificate that is signed on a different system, which meets the criteria set out in the Apple article. You can create a CSR and the accompanying private key on the XG firewall, but the signing process, which will set the expiry date and the 'Purpose' fields, will need to be carried out on a system where you can ensure the right values are set. We'll investigate further and try to come up with some more specific instructions soon.