Question

Certification validation issues on corporate LAN

  • January 9, 2014
  • 3 replies
  • 18 views


Hello, I've run into a weird issue that I'd like advice on.

We have a publicly signed SSL certificate for our internal JSS. The goal is to have this site trusted by a new Mac with no corporate certs/settings loaded onto it. However, when I browse to the JSS on a brand new Mac, Safari will give me a "Certificate signed by unknown authority" error. If I go to my network settings and I check "Auto proxy Discovery" the error will go away.

Does Safari/Keychain/Mac OS X require an internet connection to verify certs even if the signer's root certificate is included in Keychain by Apple? The JSS and the lab Mac I'm testing with are on the corporate intranet.

3 replies

  • Contributor
  • January 9, 2014

* Edit: didn't read the post thoroughly

Sounds like it could be a problem from your firewall or proxy. Perhaps they are running some kind of SSL inspection?


  • Author
  • Valued Contributor
  • January 10, 2014

Hello, I was under the impression that the SSL certificate would be validated to the issuer's root certificate that ships on the Mac. We used a signer named Thawte. Apple includes ~15 of their root certificates in keychain. Does the Mac need to reach out to the signer's server on the internet instead?


bentoms
  • Hall of Fame
  • January 11, 2014

@Sonic84, if the SSL cert is verified when not going via the proxy... then the clients will have to be trusting part of the signing chain (like you've mentioned with the Thawte certs in the keychain).

As @calum_carey says, it sounds like your proxy is interfering. Do you get errors on other HTTPS sites?