Invalid Certificate on every secured website

Thank you quickSti, you solved my problem as well. Apple senior tech finally got back with me and reported apple engineers had no answers as of yet so I gave him your thread that solved the problem. He was going to pass it on up to apple engineers in hopes that they could now solve the problem for everyone else with an update.

It has been five weeks. Has anyone received any udpates on this? I'm still stuck.

I noticed that this problem was fixed in some release today (july 3, 2012). I suspect that the culprit in my case was Chrome and not os/x. In any case I did nothing and suddently sites which were inaccessible started working in Chrome. Go figure.

Nope, I do not have Chrome or any other third party app and issue still persist

it is definitely tied to bug in Lion, no possibility to correctly check validity of certificates when you are behind ISA proxy. In networks without proxy (at home, for example), everything works fine.

***HAPPY DANCE***

Merci Sébastien!

to fix a BUG that's caused by an update we have to Upgrade = buy a new OS?

I don't like this 'think different' logic...

Yeah, especially since I'm sure it's not going to be an easy sell to my corporate IT support that I need them to let me upgrade to Mountain Lion just to fix a bug with Snow Leopard.

I agree. This seems like Think Same (and soak 'em whenever possible) !

10.7.5 is still in beta, the fix may be in that update as well.

We had the same problem here with our own mail server. Thanks to the helpful support from Stalker (Communigate Pro), it turned out that the problem was that the certificate used a key length of only 512 bit. I created a new certificate with 2048 bits, and the problem was solved!

This may help at least those of you who have administrative access to their mail server.

Christoph Reichenberger

Ergonis Software GmbH

I can also confirm Christoph's solution is working!

Let me note my clients are not behind a proxy like most of you on this list, we only have issues with mail server certificate not being accepted by Mail.app - regardless it's set to 'Always Trust'.

Seems like Apple quietly lifted the minimum key length limit of acceptable certificates from 512 to '?' with 10.7.4 update (I had no time to figure out the exact value). But as Christoph suggested we recreated the mail servers certificate - now its 4096bit and works perfectly, I only had to delete the old certificate from keychain and set the new one to 'Always trust'. Mail.app is not complaining about certificate anymore.

Thank you Christoph!

edit:

turns out I missed to read the tech.note from Apple about 10.7.4:

"Description: Certificates signed using RSA keys with insecure key lengths were accepted by libsecurity. This issue is addressed by rejecting certificates containing RSA keys less than 1024 bits."

for more details read:

http://support.apple.com/kb/HT5281?viewlocale=en_US&locale=en_US

Boring process, but so efficient ! This solves the issue to connect to the Mac App Store on my wife's MBP.

Clever and crucial help, thanks a million.

Cheers

JB