Trusted SSL certificates in OSX 10.15+ and iOS 13+

I deployed a new vSphere VCSA for my homelab in December 2019 (last month). By default these come with a self-signed SSL certificate that's valid for 10 years. Of course I typically replace these with a signed certificate but it's not always the first thing that I do.

What I found this time however is that on my Mac neither Chrome or Brave would allow me to reach the web UI. Only Firefox would. I expect security warnings for self-signed (and hence untrusted) certificates. On the former two browsers though the message suggests that the certificate is invalid in some other way:

What's actually happening is that as of MacOS 10.15 and iOS 13 SSL certificates have to meet certain criteria to be deemed to be valid. These are documented here: https://support.apple.com/en-us/HT210176.

In the case of the vCenter VCSA, the duration (10 years) is over 825 days. Hence no dice. It would be better if Chrome was clearer about that.