Running one’s own root Certificate Authority in 2023

[nemo]

This is not really an Apple thing, it's an industry trend (and a good one IMO). Apple's generally applying the same criteria Chrome is: https://chromium.googlesource.com/chromium/src/+/HEAD/net/do...

[xg15]

Seems Chrome is specifically making an exception for custom root CAs though:

> This will only apply to TLS server certificates from CAs that are trusted in a default installation of Google Chrome, commonly known as “publicly trusted CAs”, and will not apply to locally-operated CAs that have been manually configured.

[nemo]

Looking into it further, that's actually Apple's policy as well.