Certification validation issues on corporate LAN

Sonic84
Contributor III

Hello, I've run into a weird issue that I'd like advice on.

We have a publicly signed SSL certificate for our internal JSS. The goal is to have this site trusted by a new Mac with no corporate certs/settings loaded onto it. However, when I browse to the JSS on a brand new Mac, Safari will give me a "Certificate signed by unknown authority" error. If I go to my network settings and I check "Auto proxy Discovery", the error will go away.

Does Safari/Keychain/Mac OS X require an internet connection to verify certs even if the signer's root certificate is included in Keychain by Apple? The JSS and the lab Mac I'm testing with are on the corporate intranet.

3 REPLIES

calum_carey
Contributor

* Edit: didn't read the post thoroughly

Sounds like it could be a problem from your firewall or proxy. Perhaps they are running some kind of SSL inspection?

Sonic84
Contributor III

Hello, I was under the impression that the SSL certificate would be validated to the issuer's root certificate that ships on the Mac. We used a signer named Thawte. Apple includes ~15 of their root certificates in Keychain. Does the Mac need to reach out to the signer's server on the internet instead?

bentoms
Release Candidate Programs Tester

@Sonic84, if the SSL cert is verified when not going via the proxy... then the clients will have to be trusting part of the signing chain (like you've mentioned with the Thawte certs in the keychain).

As @calum_carey says, it sounds like your proxy is interfering. Do you get errors on other HTTPS sites?