I can report very specific symptoms. There are a few sites I cannot access from Chrome and others that I can, it's pretty random. Twitter is the most annoying one, I use it all the time so I had to give up Chrome for the time being. Safari and Firefox give me warnings for tons of sites, but I can ignore them and continue.
The behavior is the same at home (Comcast) as well as different coffee shops, coworking spaces, and via tethered 3g. Not using a proxy. Tried everything suggested in this thread to no avail.
This issue is even stranger for me. On my Macbook Pro running 10.7.4, I cannot access some credit card sites with any browser. I have Safari, FF, and Chrome and they all give me the invalid certificate notice. On my iMac running 10.7.4, I can access those sites using Safari or Chrome, but not FF. Both machines are on the same home network and not behind a proxy. The folks at Citibank thought I was crazy, but at least I was able to access the site on my iMac.
I am using a Mac Mini running Lion 10.7.4. and am experiencing a similar issue. I am behind a corporate firewall, but our IT staff tells me no changes have been made to the configuration.
The problems were noticed shortly after the last OSX Server software update. Since then I have not been able to access HTTPS sites without getting an error stating my security certificate (Verisign) was an invalid issuer.
Here are the specific things that are amiss.
I have a number or Apple Application Integration Certification Authority certificates that state they are signed by an unknown authority.
Since the update I have also been unable to access the Mac App store without turning off OCSP in the Keychain application.
I have two "Thawte Server CA" certificates, each with a different expiration date. Should I only have one?
If I try to access www.google.com I get an error message stating that "Safari can't verify the identity of the website 'www.google.com'". Taking a look at the certificate is shows www.google.com with a red x to left hand side of it. It is a sub-certificate of Thawte SGC CA which is listed as an invalid issuer. Thawte SGC CA is then shown as a Class 3 Public Primary Certification Authority.
When logging into this site I get a similar error. The security authority in this case is VeriSign Class 3 Extended Validation SSL SGC CA. It is also listed as an invalid issuer.
I tried to upload screen grab of the error message but received the error:
"You don't have permission to do the requested action. You might need to sign in to the system before you can continue." I suspect this is also related.
Things I've tried:
I have reset my keychain, reset Safari, and checked for Flashback malware, all to no avail.
It's one thing to have an annoying computer problem but in this case I don't feel comfortable doing any sensitive work on this computer. Will one logon to my banking website or corporate server have dire consequences for me or my employer? Meanwhile I continue to use my Windows PC until this is resolved.
I have the same problem, not working behind a firewall, using Safari 5.1.7, OSX 10.7.4 -- problem comes up on Paypal, not so far on other banking sites. There has always been a problem about one of the mail programs so that's not new. But wait, there's more -- I just went to sign in from this page, and got a message that Safari could not identify daw.apple.com because "This certificate was signed by an untrusted issuer" (I over-rode that with Continue, and here I am, all signed in.) -- Apple should take note of all this and get us a fix. Soon.
Did you check the time / year / date of your computer... the described occurs when e.g. the year is set to 2001 in error...
I had exact the same challenge, updated the time settings of my daughters macbook - updated OSX via software update (incl. the latest flash updates) and it seems to be ok now - the time and date was the culprit....
Same here - date was correct. I am not behind a corporate firewall or proxy. My 2008 MBP with Core 2 Duo works fine, my 2011 MBP with i7 has this issue - it has been rolled back to 10.7.3 pending a fix by Apple. I will add that I even wiped the i7 machine clean and did a fresh OS install then upgraded to 10.7.4 and still had the problem.
I solved this on my wife's computer by resetting the security certificate settings. This might help others:
Close all windows.
Keychain Access -> click on System Roots on the left, and then click on Certifcates on the bottom left.
Check to see if any of the certificates on the right have the blue "+" symbol - this means they have custom trust settings.
There is a bug in changing the policies, so you'll have to change them via the method below. Changing them just by changing the access to "system defaults" doesn't seem to save. The method below worked for me.
Double-click on each certificate with the custom setting (blue "+"), expand the section labled "trust". Change the "Secure Sockets Layer (SSL)" setting to "no value specified". Close window - you should be prompted for the password. Double-click on the certificate again, expand trust, change the "When using this certificate" setting to "Use System Defaults". Close window, and re-enter password.
If you didn't re-enter your password upon closing the window, the setting didn't take. The blue "+" should disappear after a few seconds when it's set back to default. Once all of the certificates are changed back to default, restart Safari.
This solved all of the problems for my wife's computer with these issues and OSX 10.7.4
I tried checking my system date. The date, time, and time zone are all correct. I tried adjusting the system time to match the time on our proxy server which is in another state. No luck.
Doing a "disable Keychain Access - Certificates - Protocol" only allows me to connect to the App Store.
I tried to do the fix recommended by quickSti. The only certificate I had with a blue "+" was my com.apple.servermgrd, which is self-signed. I modified the settings as suggested. I don't get the error message on as many sites now, but still get the "Invalid Issuer" error when loging into this site.
I'm running Lion Server by the way but only using it for internal file sharing and an in-office website. Are the rest of you also using using an OS X server product?
Since my IT department tells me nothing has changed on their end, and the behavior didn't start until the last system update I strongly suspect that the update is what caused the problem.
Apple has to fix it as it appears that they broke it.
i have been having this same problem, in addition in always getting INVLAID URL in safari.
the invalid URL comes up with things like:
really???? why the heck dont those sties work in safari????
as for the certificate request - it is alway referencing facebook for some reason - i hardly use facebook, and it makes me wonder what is FB doing to see what browsing... but thats a different story.
is there a fix for either of these things???
ive taken it in to apple store twice, and of course it always works there.