SSL problem, affecting multiple parts of OS X
I'm having a problem which appears to be related to OSX's built-in processing SSL certificates. The following issues started happening, all at the same time:
- iTunes cannot connect to the music store at all, I get "error 11333".
- Mail.app cannot connect to my mac.com mailbox, it says 'Mail was unable to verify the identity of this server, which has a certificate issued to "mail.mac.com". The error was: The certificate for the server is invalid. Even if I tell it to "Go Online", it will not connect to the mailbox.
- The "dotMac" System Preferences widget cannot connect to the dotMac servers to show my sync settings, iDisk usage, or the list of machines which are connected to the docMac account.
- IF I USE SAFARI, when I try to log into any of the "mac.com" web pages I get an error message saying 'The certificate for this website is invalid. You might be connecting to a website that is pretending to be "www.mac.com" which could put your confidential information at risk." If I click "Show Certificate", it says that Verisign's self-signed certificate is valid (even though I can't find that key in any of my keychains, including "X509Anchors") but the "www.mac.com" certificate says "This certificate has an invalid issuer". IF I USE FIREFOX, I am able to log into the site without any problems.
The common thread to all of these issues is that they all use the SSL routines built into OS X. Firefox uses its own SSL implementation, and the command line "openssl" tool shows the "www.mac.com.pem" file to be a valid certificate (see http://www.jms1.net/www.mac.com.pem.txt to do your own checking if needed.)
- iTunes cannot connect to the music store at all, I get "error 11333".
- Mail.app cannot connect to my mac.com mailbox, it says 'Mail was unable to verify the identity of this server, which has a certificate issued to "mail.mac.com". The error was: The certificate for the server is invalid. Even if I tell it to "Go Online", it will not connect to the mailbox.
- The "dotMac" System Preferences widget cannot connect to the dotMac servers to show my sync settings, iDisk usage, or the list of machines which are connected to the docMac account.
- IF I USE SAFARI, when I try to log into any of the "mac.com" web pages I get an error message saying 'The certificate for this website is invalid. You might be connecting to a website that is pretending to be "www.mac.com" which could put your confidential information at risk." If I click "Show Certificate", it says that Verisign's self-signed certificate is valid (even though I can't find that key in any of my keychains, including "X509Anchors") but the "www.mac.com" certificate says "This certificate has an invalid issuer". IF I USE FIREFOX, I am able to log into the site without any problems.
The common thread to all of these issues is that they all use the SSL routines built into OS X. Firefox uses its own SSL implementation, and the command line "openssl" tool shows the "www.mac.com.pem" file to be a valid certificate (see http://www.jms1.net/www.mac.com.pem.txt to do your own checking if needed.)
iMac G5, Mac OS X (10.4.10)
