-
All replies
-
Helpful answers
-
-
Jun 18, 2012 6:16 AM in response to sébastienfromquebecby tooshay,It has been five weeks. Has anyone received any udpates on this? I'm still stuck.
-
Jun 18, 2012 6:26 AM in response to tooshayby sébastienfromquebec,I hope this is fixed in Mountain Lion !
-
Jul 5, 2012 9:20 AM in response to sébastienfromquebecby dbajohn,I noticed that this problem was fixed in some release today (july 3, 2012). I suspect that the culprit in my case was Chrome and not os/x. In any case I did nothing and suddently sites which were inaccessible started working in Chrome. Go figure.
-
Jul 9, 2012 6:16 AM in response to dbajohnby Arkady,Nope, I do not have Chrome or any other third party app and issue still persist
it is definitely tied to bug in Lion, no possibility to correctly check validity of certificates when you are behind ISA proxy. In networks without proxy (at home, for example), everything works fine.
-
Jul 11, 2012 6:08 AM in response to sébastienfromquebecby sébastienfromquebec,It's fixed in Mountain Lion
No more Certificate problem
-
Jul 11, 2012 7:25 AM in response to sébastienfromquebecby fnankivell,***HAPPY DANCE***
Merci Sébastien!
-
Jul 11, 2012 7:31 AM in response to fnankivellby Mac Admin1,to fix a BUG that's caused by an update we have to Upgrade = buy a new OS?
I don't like this 'think different' logic...
-
Jul 11, 2012 7:35 AM in response to Mac Admin1by jbixler,Yeah, especially since I'm sure it's not going to be an easy sell to my corporate IT support that I need them to let me upgrade to Mountain Lion just to fix a bug with Snow Leopard.
-
Jul 11, 2012 7:38 AM in response to Mac Admin1by sdaniel5,I agree. This seems like Think Same (and soak 'em whenever possible) !
-
Jul 11, 2012 9:50 AM in response to Mac Admin1by kaltekar,10.7.5 is still in beta, the fix may be in that update as well.
-
Jul 13, 2012 5:35 AM in response to sébastienfromquebecby Christoph Reichenberger,We had the same problem here with our own mail server. Thanks to the helpful support from Stalker (Communigate Pro), it turned out that the problem was that the certificate used a key length of only 512 bit. I created a new certificate with 2048 bits, and the problem was solved!
This may help at least those of you who have administrative access to their mail server.
Christoph Reichenberger
Ergonis Software GmbH
-
Jul 15, 2012 5:23 AM in response to Christoph Reichenbergerby Mac Admin1,I can also confirm Christoph's solution is working!
Let me note my clients are not behind a proxy like most of you on this list, we only have issues with mail server certificate not being accepted by Mail.app - regardless it's set to 'Always Trust'.
Seems like Apple quietly lifted the minimum key length limit of acceptable certificates from 512 to '?' with 10.7.4 update (I had no time to figure out the exact value). But as Christoph suggested we recreated the mail servers certificate - now its 4096bit and works perfectly, I only had to delete the old certificate from keychain and set the new one to 'Always trust'. Mail.app is not complaining about certificate anymore.
Thank you Christoph!
edit:
turns out I missed to read the tech.note from Apple about 10.7.4:
"Description: Certificates signed using RSA keys with insecure key lengths were accepted by libsecurity. This issue is addressed by rejecting certificates containing RSA keys less than 1024 bits."
for more details read:
http://support.apple.com/kb/HT5281?viewlocale=en_US&locale=en_US
-
Jul 15, 2012 10:41 AM in response to quickStiby mrkite,Boring process, but so efficient ! This solves the issue to connect to the Mac App Store on my wife's MBP.
Clever and crucial help, thanks a million.
Cheers
JB
-
Jul 18, 2012 5:53 PM in response to sébastienfromquebecby arthurlockman,I do believe that I've found a solution! I was having the exact same problem, and I think I've fixed it. I outlined what I did in a blog post, over here. Hopefully this helps!

