-
May 15, 2012 12:05 PM in response to sébastienfromquebec by gurple,
This problem seems to be a little more insidious than just ocspd not being able to validate from behind a proxy. I've seen such problems even when I'm not behind the proxy.
Even worse, it broke certificate-based logins to our Cisco VPN, since my certificate was issued by an intermediary CA which was suddenly listed as invalid. Even when I tried forcing every certificate in the chain as trusted (in both the login and System keychains) and turned off the sane options of using OCSP and CRL in Keychain Access.app, it still wouldn't work.
Then I realized that the daemons used to create the VPN run as the root user.
I had to enable and log in to the root user. From there I set in Keychain Access.app all of the needed certificates as trusted in the System keychain for the root account.
Now it all seems to function (mostly). There is still the problem of some certificates being marked as having an invalid key length as mentioned by another poster in the thread.
I hope Apple gets this sorted out ASAP.
I hope even more that I'll remember to bring my system back into a sane state after the fix.
-
May 15, 2012 5:32 PM in response to tcthomas by dbajohn,
Did Apple have any suggestions as to what to do? At this point I'm suspecting that the Lion upgrade has made handling proxies more strict and some proxies are failing. If I could accurately describe this to our internal IT folks I might have a chance of getting close to a fix.
Anything Apple said might be interesting.
-
May 15, 2012 5:36 PM in response to dbajohn by marc from white river junction,
Yes, but what about those of us who are not behind proxies who are experiencing the same problems?
-
May 15, 2012 10:26 PM in response to sébastienfromquebec by Robke,
My bug report has been closed as a duplicate of 11232763, so Apple is aware of the problem.
-
May 16, 2012 4:02 AM in response to sébastienfromquebec by tcthomas,
So, I went into my local Apple Store yesterday with this thread and my laptop to see if they had any ideas. The 'genius' hadn't encountered this problem with anyone else and because we couldn't recreate it at the Store (because no proxy), he offered to install a bug tracker that would log all errors and then I could take the laptop back in and he could escalate it to engineering. However, for a variety of other reasons, I do not have the patience or time to go through this and so asked him to roll it back to 10.7.3 and I won't update for a while.
So, I'm afraid no solution, however, if someone has the time and patience, it does sound like there will be the option to get it looked at in detail.
Sorry I couldn't be of more help guys.
-
May 16, 2012 5:07 AM in response to Robke by kaltekar,
Can you post your bug report to openradar so I can dup it?
-
May 16, 2012 5:28 AM in response to sébastienfromquebec by Vibou,
It is just INCREDIBLE! Since I updated from 10.7.3 to 10.7.4 I'm running through major network problems, including network configuration which is not saved correctly (e.g., credentials for proxy go back to blank once I close the window to set them). It keeps asking me for certificates all the time, SMTP server connection is completely lost (in Mail application), and all my extensions in Safari have been uninstalled without my approval.
Anyway! I bought a Mac because I know that I can rely on it all the time. But having such updates with those kinds of bugs afterward, I would rather stay on Linux.
So please Apple, do something and quick.
-
May 17, 2012 7:33 AM in response to kaltekar by marc from white river junction,
It didn't work for me either, now restoring to 10.7.3 from Time Machine.
-
May 17, 2012 8:03 AM in response to marc from white river junction by gurple,
The only way I reliably got these intermediary CA certs to function was to force them as trusted via Keychain Access run under the root account. Otherwise System daemons which use the certs will balk.
-
May 17, 2012 8:25 AM in response to sébastienfromquebec by kaltekar,
Try turning both OCSP and CRL off.
-
May 17, 2012 9:30 AM in response to kaltekar by dbajohn,
Turned off both options in Keychain preferences.
Rebooted.
No change in behavior. Still getting error accessing https sites.
Grrrrrrrrrrrrrr.
-
May 21, 2012 4:19 PM in response to sébastienfromquebec by dbajohn,
Has anyone made any progress on this or heard anything from Apple?
