Invalid Certificate on every secured website

I do believe that I've found a solution! I was having the exact same problem, and I think I've fixed it. I outlined what I did in a blog post, over here. Hopefully this helps!

Nope, it not helps as long as you are behind authentication proxy.

It seems that there are at least two issues with certificatesd in OS X Lion, both with similar symptoms.

If you are connected directly to the interrnet, you can solve it by repairing crl and ocsp caches as described in your blog. Enterprise users using proxy are doomed, no fix at the moment (except disabling CRL and OSCP checks complete thus render entire concept of certificate trust useless)

This worked for me. It's ingenious since there was some kind of bug with the 10.7.4 update and it caused certain certificates to change their trust values or not register them properly in Keychain Access. This method below has you change a certificate's trust value, save it, then change all the certificate's trust values back to default as it should be. This solved my problem and my father can use his banking websites on Safari again. However, it does take some time to enter and re-enter the admin password again and again for over 20 certificates. Good luck and thank you for the advice.

Details: The problem was on a 2.2 GHz Intel Core 2 Duo, 13-inch Late 2007 MacBook (the black - Santa Rosa model - I believe). I even updated everything to the newest software and Safari to 6.0 and it didn't fix the problem until I tried the method below. Apple, get on this.

quickSti wrote:

I solved this on my wife's computer by resetting the security certificate settings. This might help others:

Close all windows.

Keychain Access -> click on System Roots on the left, and then click on Certifcates on the bottom left.

Check to see if any of the certificates on the right have the blue "+" symbol - this means they have custom trust settings.

There is a bug in changing the policies, so you'll have to change them via the method below. Changing them just by changing the access to "system defaults" doesn't seem to save. The method below worked for me.

Double-click on each certificate with the custom setting (blue "+"), expand the section labled "trust". Change the "Secure Sockets Layer (SSL)" setting to "no value specified". Close window - you should be prompted for the password. Double-click on the certificate again, expand trust, change the "When using this certificate" setting to "Use System Defaults". Close window, and re-enter password.

If you didn't re-enter your password upon closing the window, the setting didn't take. The blue "+" should disappear after a few seconds when it's set back to default. Once all of the certificates are changed back to default, restart Safari.

This solved all of the problems for my wife's computer with these issues and OSX 10.7.4

Yes...this is the solution that worked for me. I'd been encountering problems accessing AppStore ever since updating to Safari 6. But once I was able to clear up the Keychain Access issues as described by quickSti, I immediately regained access to AppStore so that I could begin the Mountain Lion upgrade process. Thanks for a great solution!!

Thanks arthurlockman, after quite a few hours smacking my head against a brick wall, the instructions in that blog seemed to have fixed both my Safari certificate problem (Twitter and Apple finally work, at least) and my Mac App Store "connection failed" when trying to log in problem.

I'm glad it work for some. Unfortunately for me it doesn't work. I have no "blue" icons next to any of my trusted roots, just two red expired ones that I can't delete. I'm really surprised that the geniuses at Apple are unable to tell us how to fix it.

Same here, tried everything suggested on this thread (and more from other sites) to no avail. Being behind a corporate proxy seals your fate from the start. App Store won't connect to my account because of this, can't download and upgrade to Mountain Lion to fix the issue. Completely stuck in a loop...

fnankivell,

i have the same problems... it seems we have to wait, what happened... and maybe there will be a security update soon - patching the system to fix this issue.

For some reason it seems that some systems seem to respond well to the given ideas, like ocspd and certificate changes, other systems seem to be simply ignore those tries to get connection to the "mother ship" Apple...

So... if someone has a good working idea, please, please post it here

Firefox. I have been unable to use Paypal since all this nonsense began. I've had to use Firefox to get to it. I too see all these discussions. This is an Apple-generated problem and it looks as though they are unwilling to fix it. So I'm moving everything over to Firefox. Also moving my Mail accounts over to Postbox, to eliminate the Apple-generated snafus (apparently) caused by going from dot mac to mobileme to iCloud ('Just let us do that for you, it's so easy' -- and then when things screw up we have to fix them on the forum. Without the tools they already have in house that they could very well use to fix the bugs.) I think Apple's obsession with the iPod and iPad and iPhone has taken away from their attention to the computers. It's not, we know, a lack of cash. -- I am also watching the interesting reports about Mountain Lion! Running Lion now, will just keep watching.

Running Mountain Lion and have the same problems with invalid cirtificates. I tried all the above fixes with no luck. Now you have to use the App store to get software updates, but guess what? I can't log into the App store because of invalid certificate! I can log into iTunes App store, but not the App store application.

have you tried a clean instal?

Fred-OO wrote:

Running Mountain Lion and have the same problems with invalid cirtificates. I tried all the above fixes with no luck. Now you have to use the App store to get software updates, but guess what? I can't log into the App store because of invalid certificate! I can log into iTunes App store, but not the App store application.

Hi, just did a clean install; erased HD then installed full Mountain Lion, then used Migration Assistant and restored User, Apps, Files etc. Still cannot log into App store. Tried more than App store account and all attempts get Connection Error. Can use Safari, iTunes etc OK. iTunes login works OK. App store is locked up???

Well, I finally got this to work. My symptoms were; after Mountain Lion install, I cannot log into iMessage, FaceTime or the App Store. Getting many certificate errors from websites using Safari. Console log shows various certificate error messages such as Failed to get client cert and Certificate not yet generated each time an Appleid login was attempted.

After carefully following these instructions, step by step fixing cirtificates in the System Root Folder of Keychain, it finally started working. The first time I used these instructions I was apparently in the wrong Keychain Folder.

http://b.rthr.me/wp/?p=356

Cheers

This issue is infuriating me, *absolutely* nothing works. I don't have any blue dots on my certificates, I've deleted all caches and prefs and .plist suggested everywhere, still nothing...

And now I'm reading that the only hope I had, upgrading to ML, is not helping as people still have the same issue after the upgrade. GRRRRR 😟 Anyway, I wouldn't be able to upgrade anyway because I'm still denied access to my account on the App Store.

What the heck happened Apple? I wish I could downgrade to 10.7.3 and put this nightmare behind me...