  1. #1
    scruffy

    new Verisign Certs - unrecognized in OS X

    Has anyone else encountered this problem?

    Apparently, Verisign has switched to a new certificate scheme, as of a few months ago.

    Verisign's explanation is here: http://www.verisign.com/support/advi...ge_029264.html
    (yes, it's available as an https page as well, and if you go to that same page as https, the cert checks out.)

    Now, when I go to my work's remote login site using OS X
    https://securelogin.gov.ab.ca
    I get a certificate error (I get no error with Windows). I'm pretty technical, and I can't even figure out how to get a copy of this new Verisign certificate, signed with a key that I already do trust, to import it into my X509Anchors keychain...

    So my questions three:
    - Can someone else using a fully up-to-date OS X check whether they get this error?
    - Can someone else using a fully up-to-date OS other than Windows check for this error?
    - Has anyone encountered this same warning about the Verisign Class 3 Server Certificate elsewhere on the web?

    I see two possibilities
    - Verisign just didn't bother to get anyone but Microsoft to include their new certificates - they just don't care about the rest of the world.
    - If the site in question distributed a full certificate chain, then it could get back to something Macs trust, but they just haven't configured it to do so, because it was only tested from Windows.

    What is the robbing of a bank compared to the founding of a bank?
    -- Bertolt Brecht

  2. #2
    Captain Code
    I just tried the website you linked to and my version (latest) of Safari doesn't give any error. The lock appears in the top right of the window indicating a secure connection.
    MacBook Pro 2.16GHz Core2Duo 3GB RAM, G4 1.4GHz OSX Tiger 1.25GB RAM, Dual 2GHz G5 OSX Tiger 2GB RAM (freakin shweet)
    Athlon 64 Windoze XP for school work (programming) 1GB RAM
    dferns@macosx.com

  3. #3
    cybergoober
    Quote, originally posted by Captain Code:
        I just tried the website you linked to and my version (latest) of Safari doesn't give any error. The lock appears in the top right of the window indicating a secure connection.
    Same here

  4. #4
    scruffy
    Very interesting - there's nothing in Software Update for me, and I still get the error in both Camino and Safari...

    Capt. Code, I see you're using a PPC machine. Cybergoober, do you use an Intel or PPC machine? I wonder if there might be some certs missing from Intel updates that made it into PPC ones. Doesn't seem likely, but who knows...

    And, what Verisign certs are in your X509Anchors keychain?
    For me, the command

    certtool y k=/System/Library/Keychains/X509Anchors | grep VeriSign | grep Common

    gives me this output

    Common Name : VeriSign Class 1 Public Primary Certification Authority - G3
    Common Name : VeriSign Class 1 Public Primary Certification Authority - G3
    Common Name : VeriSign Class 2 Public Primary Certification Authority - G3
    Common Name : VeriSign Class 2 Public Primary Certification Authority - G3
    Common Name : VeriSign Class 3 Public Primary Certification Authority - G3
    Common Name : VeriSign Class 3 Public Primary Certification Authority - G3
    Common Name : VeriSign Class 4 Public Primary Certification Authority - G3
    Common Name : VeriSign Class 4 Public Primary Certification Authority - G3

    What is the robbing of a bank compared to the founding of a bank?
    -- Bertolt Brecht

  5. #5
    Captain Code
    Here's what I get

    Common Name : VeriSign Class 1 Public Primary Certification Authority - G3
    Common Name : VeriSign Class 1 Public Primary Certification Authority - G3
    Common Name : VeriSign Class 2 Public Primary Certification Authority - G3
    Common Name : VeriSign Class 2 Public Primary Certification Authority - G3
    Common Name : VeriSign Class 3 Public Primary Certification Authority - G3
    Common Name : VeriSign Class 3 Public Primary Certification Authority - G3
    Common Name : VeriSign Class 4 Public Primary Certification Authority - G3
    Common Name : VeriSign Class 4 Public Primary Certification Authority - G3
    MacBook Pro 2.16GHz Core2Duo 3GB RAM, G4 1.4GHz OSX Tiger 1.25GB RAM, Dual 2GHz G5 OSX Tiger 2GB RAM (freakin shweet)
    Athlon 64 Windoze XP for school work (programming) 1GB RAM
    dferns@macosx.com

  6. #6
    scruffy
    Huh, curiouser and curiouser - don't see any difference from what I have.

    If I could try your patience just a bit more, would you mind trying:

    openssl s_client -connect securelogin.gov.ab.ca:443 -showcerts

    And either posting, or PMing me (it is rather verbose), the output?

    Thanks
    Mark

    What is the robbing of a bank compared to the founding of a bank?
    -- Bertolt Brecht
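
Added example, not part of any post in this thread: a sketch of how the chain summary from `openssl s_client -showcerts` can be compared against the anchor names listed by the `certtool ... | grep Common` command, to tell a server that omits its intermediate certificate apart from one that sends a full chain. All certificate names and both sample inputs are constructed, and the check compares names only; it does not verify signatures.

```python
import re

# Constructed sample of the "Certificate chain" summary printed by
# `openssl s_client -showcerts`; every name here is invented.
LEAF = (" 0 s:/C=CA/O=Example Org/CN=login.example.test\n"
        "   i:/C=US/O=Example CA/CN=Example Class 3 Intermediate CA\n")
INTERMEDIATE = (" 1 s:/C=US/O=Example CA/CN=Example Class 3 Intermediate CA\n"
                "   i:/C=US/O=Example CA/CN=Example Public Primary CA - G3\n")
LEAF_ONLY = "Certificate chain\n" + LEAF + "---\n"
FULL_CHAIN = "Certificate chain\n" + LEAF + INTERMEDIATE + "---\n"

# Constructed anchor listing in the "Common Name : ..." format.
ANCHORS = ("Common Name : Example Public Primary CA - G3\n"
           "Common Name : Example Public Primary CA - G3\n")

def parse_chain(s_client_output):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, subject = [], None
    for line in s_client_output.splitlines():
        m = re.match(r"\s*\d+\s+s:(.*)", line)
        if m:
            subject = m.group(1).strip()
            continue
        m = re.match(r"\s+i:(.*)", line)
        if m and subject is not None:
            chain.append((subject, m.group(1).strip()))
            subject = None
    return chain

def common_name(dn):
    """Extract CN from '/C=../CN=..' or 'C = .., CN = ..' style names."""
    m = re.search(r"(?:^|[/,\s])CN\s*=\s*([^/,]+)", dn)
    return m.group(1).strip() if m else dn

def parse_anchors(listing):
    return {l.split(":", 1)[1].strip() for l in listing.splitlines()
            if l.strip().startswith("Common Name")}

def diagnose(s_client_output, anchor_listing):
    """Name-only check: does the sent chain end at a locally trusted anchor?"""
    chain = parse_chain(s_client_output)
    if not chain:
        return ("no-chain", None)
    for (_, issuer), (next_subject, _) in zip(chain, chain[1:]):
        if issuer != next_subject:        # sent certificates do not link up
            return ("broken-link", common_name(issuer))
    top = common_name(chain[-1][1])       # issuer of the last certificate sent
    status = "trusted" if top in parse_anchors(anchor_listing) else "missing-issuer"
    return (status, top)

if __name__ == "__main__":
    print(diagnose(LEAF_ONLY, ANCHORS))
    print(diagnose(FULL_CHAIN, ANCHORS))
```

A `missing-issuer` result names the certificate a client would need, either sent by the server as part of its chain or present in the local anchor store.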

  7. #7
    Captain Code
    Looks like openssl can't verify the cert according to the output. I've PM'd you the whole output.
    MacBook Pro 2.16GHz Core2Duo 3GB RAM, G4 1.4GHz OSX Tiger 1.25GB RAM, Dual 2GHz G5 OSX Tiger 2GB RAM (freakin shweet)
    Athlon 64 Windoze XP for school work (programming) 1GB RAM
    dferns@macosx.com

  8. #8
    Captain Code
    I just tried the site again and now I'm getting a certificate error saying it was issued by an unknown certificate authority but I can still continue.
    MacBook Pro 2.16GHz Core2Duo 3GB RAM, G4 1.4GHz OSX Tiger 1.25GB RAM, Dual 2GHz G5 OSX Tiger 2GB RAM (freakin shweet)
    Athlon 64 Windoze XP for school work (programming) 1GB RAM
    dferns@macosx.com

 

 