Custom CA for TLS doesn't work with DNS

Question

Level 1

6 points

Custom CA for TLS doesn't work with DNS

I created a custom CA to generate TLS certificates for some services installed on a server I have. I installed the Root CA on both my Mac and iPhone. Everything works fine in Safari with HTTPS, but when I use the certificate with a DNS over TLS server, my devices don’t consider it safe. On my Mac, I manually installed the certificate, and it works. Is it possible to install just the Root CA?

MacBook Air 13″, macOS 15.6

Posted on Sep 8, 2025 4:13 PM

Reply

Answer 1

a brody

Level 10

85,308 points

Sep 11, 2025 7:31 PM in response to G9009

https://www.kandji.io/blog/certificates-device-management-guide-for-mac-admins this is the best guide I could find about certificates on the Mac. I've not had to mess much with them, except to authorize those which I know were real.

Reply

Answer 2

G9009 Author

Level 1

6 points

Oct 21, 2025 11:05 PM in response to a brody

It seem to be a DNS-over-TLS issue. With DNS-over-HTTPS the custom certificate works

Reply