sébastienfromquebec

Q: Invalid Certificate on every secured website

Hi,

 

I've just updated to 10.7.4 with Safari 5.1.7 and after the update I'm always getting an Invalid Certificate for secured website.

 

www.paypal.com

every banking sites

etc

 

The content is not entirely loaded even if I click "continue".

 

I don't know if it related but I can't install any Extensions in Safari. I had ClickToFlash and 1Password and neither can be reinstalled after the update. I got a message telling me that the extension cannot be installed.

 

Thank you

MacBook Air, Mac OS X (10.7.4)

Posted on May 10, 2012 12:56 PM

Close

Q: Invalid Certificate on every secured website

  • All replies
  • Helpful answers

first Previous Page 3 of 10 last Next
  • by gurple,

    gurple gurple May 15, 2012 12:05 PM in response to sébastienfromquebec
    Level 1 (40 points)
    May 15, 2012 12:05 PM in response to sébastienfromquebec

    This problem seems to be a little more insedious than just ocspd not being able to validate from behind a proxy. I've seen such problems even when I'm not behind the proxy.

     

    Even worse it broke certificate based logins to our Cisco VPN since my certificate was issued by an intermediary CA which was suddenly listed as invalid. Even when I tried forcing every certificate in the chain as trusted (in both the login and System keychains), turned off the sane options of using OCSP and CRL in Keychain Access.app it still wouldn't work.

     

    Then I relaized that the daemons used to create the VPN run as the root user.

     

    I had to enable and login to the root user. From there set in Keychain Access.app all of the needed certificates as trusted in the System keychain for the root account.

     

    Now it all seems to function (mostly). There is still the problem of some certificates being marked as having an invalid key length as mentioned by another poster in the thread.

     

    I hope Apple gets this sorted out ASAP.

     

    I hope even more that I'll remember to bring my system back into a sane state after the fix.

  • by dbajohn,

    dbajohn dbajohn May 15, 2012 5:32 PM in response to tcthomas
    Level 1 (10 points)
    May 15, 2012 5:32 PM in response to tcthomas

    did apple have any suggestions as to what to do.  At this point I'm suspecting that the Lion upgrade has made handling proxies more strict and some proxies are failing.  If I could accurately describe this to our internal IT folks I mght have a chance of getting close to a fix.

     

    Anything Apple said might be interesting.

  • by marc from white river junction,

    marc from white river junction marc from white river junction May 15, 2012 5:36 PM in response to dbajohn
    Level 1 (0 points)
    May 15, 2012 5:36 PM in response to dbajohn

    Yes, but what about those of us who are not behind proxies who are experiencing the same problems?

  • by Robke,

    Robke Robke May 15, 2012 10:26 PM in response to sébastienfromquebec
    Level 1 (0 points)
    May 15, 2012 10:26 PM in response to sébastienfromquebec

    My bug report has been closed as a duplicate of 11232763, so Apple is aware of the problem.

  • by tcthomas,

    tcthomas tcthomas May 16, 2012 4:02 AM in response to sébastienfromquebec
    Level 1 (0 points)
    May 16, 2012 4:02 AM in response to sébastienfromquebec

    So, I went into my local Apple Store yesterday with this thread and my laptop to see if they had any ideas.  The 'genius' hadn't encountered this problem with anyone else and because we couldn't recreate it at the Store (because no proxy), he offered to install a bug tracker that would log all errors and then I could take the laptop back in and he could escalate it to engineering.  However, for a variety of other reasons, I do not have the patience or time to go through this and so asked him to roll it back to 10.7.3 and I won't update for a while.

     

    So, I'm afraid no solution, however, if someone has the time and patience, it does sound like there will be the option to get it looked at in detail.

     

    Sorry I couldn't be of more help guys.

  • by kaltekar,

    kaltekar kaltekar May 16, 2012 5:07 AM in response to Robke
    Level 1 (10 points)
    May 16, 2012 5:07 AM in response to Robke

    Can you post your ug report to openradar so I can dup it?

  • by Vibou,

    Vibou Vibou May 16, 2012 5:28 AM in response to sébastienfromquebec
    Level 1 (0 points)
    May 16, 2012 5:28 AM in response to sébastienfromquebec

    It is just INCREDIBLE ! Since I update from 10.7.3 to 10.7.4 I m running through major network problems including network configuration which is not saved correctly (e.g., credentials for proxy go back to blank once I close the window to set them). It keeps asking me for certificates all the times, smtp server connection is completely lost (in Mail application) all my extensions in Safari have been uninstalled without my approval.

     

    Anyway ! I bought a Mac because I know that I can rely on it all the time. But having such updates with those kind of bugs afterward I would rather stay on linux.

     

    So please Apple, do something and quick.

  • by kaltekar,

    kaltekar kaltekar May 17, 2012 6:08 AM in response to sébastienfromquebec
    Level 1 (10 points)
    May 17, 2012 6:08 AM in response to sébastienfromquebec

    We were able to find a fix for this.  We disabled Online Certificate Status Protocal in Keychain Access's Preferences. 

     

    Screen Shot 2012-05-17 at 8.59.27 AM.png

  • by sébastienfromquebec,

    sébastienfromquebec sébastienfromquebec May 17, 2012 6:19 AM in response to kaltekar
    Level 1 (1 points)
    May 17, 2012 6:19 AM in response to kaltekar

    It didn't work for me

  • by marc from white river junction,

    marc from white river junction marc from white river junction May 17, 2012 7:33 AM in response to kaltekar
    Level 1 (0 points)
    May 17, 2012 7:33 AM in response to kaltekar

    It didn't work for me either, now restoring to 10.7.3 from Time Machine.

  • by gurple,

    gurple gurple May 17, 2012 8:03 AM in response to marc from white river junction
    Level 1 (40 points)
    May 17, 2012 8:03 AM in response to marc from white river junction

    The only way I reliably got these intermediary CA certs to function was to force them as trusted via Keychain Access run under the root account. Otherwise System daemons which use the certs will balk.

  • by Robke,

    Robke Robke May 17, 2012 8:16 AM in response to kaltekar
    Level 1 (0 points)
    May 17, 2012 8:16 AM in response to kaltekar
  • by kaltekar,

    kaltekar kaltekar May 17, 2012 8:25 AM in response to sébastienfromquebec
    Level 1 (10 points)
    May 17, 2012 8:25 AM in response to sébastienfromquebec

    Try tunring both OCSP and CRL off.

  • by dbajohn,

    dbajohn dbajohn May 17, 2012 9:30 AM in response to kaltekar
    Level 1 (10 points)
    May 17, 2012 9:30 AM in response to kaltekar

    turned off both option in key chain preferences.

    rebooted.

    no change in behavior.  Still getting error accessing https sites.

    grrrrrrrrrrrrrr.

  • by dbajohn,

    dbajohn dbajohn May 21, 2012 4:19 PM in response to sébastienfromquebec
    Level 1 (10 points)
    May 21, 2012 4:19 PM in response to sébastienfromquebec

    has anyone made any progress on this or heard anything from Apple. 

first Previous Page 3 of 10 last Next