Own CA for managing .local certificates

Hi Folks,

We have a few local network sources for example a (NAS) with a hostname "NAS.local" and some printers where i want to do IPPS printing with "printerX.local"

For transport security i want to use SSL, but i don't want to have the frequent management so i want certificates to be valid as long as possible. After trying, i found out that on iOS client devices self-signed certificates does not work at all (cannot be trusted) without a CA.

To solve this, i created an own CA (10 year valid), tried and signed a lot of certificates for testing and found out that iOS can trust signed certificates with a maximum validity of 800 days!

I found an Apple Link that is describing the maximum validity of 398 days except for certificates from a own CA's. Can someone refer me to the documentation that is explaining the 800 days limit?

Maybe you can get the information from this place https://support.apple.com/en-in/103769

Own CA for managing .local certificates
 
 
Q