A FIX FOR SSL CERTIFICATE PROBLEMS ON MAC OS

    What did I do? I called my trusty AppleCare advisor, hoping for an answer. I thought that maybe they could help me figure it out. After getting to senior support, I was told to reinstall Lion, which I did to no avail. My case was then forwarded to the Apple engineering team, with 3 to 5 days to wait until I had an answer. I looked around, through my console logs and through Keychain Access, and finally came up with an answer, and a solution to my problems.

    It turned out that my solution was pretty simple. I had to delete a few files and reset one to its default setting.

    1. Delete the files /var/db/crls/crlcache.db and /var/db/crls/ocspcache.db. These can be found using Finder’s Go > Go To Folder menu (Cmd + Shift + G). This resets the cache of accepted certificates in the system. It doesn’t remove them, it just forces the system to rebuild the caches upon restart.
    2. Open Keychain Access (/Applications/Utilities/Keychain Access). Select Certificates in the Category picker on the left side. In the search bar, type in the word Class. Look through that list, and find any certificates that have a blue + symbol over their icon. These are the ones you need to modify.
    3. Select one that has a blue +, and hit Command + I. Click the disclosure triangle beside the “Trust” list to show the list of permissions. Now, what we need to do is to set this certificate to use the system defaults. However, for some reason, when you select it, it doesn’t save. So what you need to do is this. Under “Trust”, where it says “Secure Sockets Layer (SSL)”, change the dropdown menu to say “No Value Specified”. Then, close the window. It will ask for your administrator permissions. Then, open the info pane for that certificate again. Under “Trust” again, now set the dropdown that says “When using this certificate:” to say “Use System Defaults”. You can then close out of the info pane, and enter your password again. Do this for any of the certificates that have a blue + on their icon. There should only be one or two at most.
    4. Restart your system.
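
The script below is an added example, not part of the original page. It performs step 1 by moving the two cache files into a backup directory instead of deleting them, and finds the certificates from step 2 by reading the output of `security dump-trust-settings`. The function names, the file name `fix-ssl.sh`, the sample dump and the assumed output layout are illustrative.

```shell
#!/bin/sh
# Added example: steps 1 and 2 above in script form (hypothetical helper names).

# Step 1, but moving the caches aside instead of deleting them outright.
# $1 = cache directory (/var/db/crls on this page), $2 = parent dir for the backup.
# Prints the backup directory; returns 1 if neither cache file was present.
backup_crl_caches() {
    src=$1
    dest="$2/crls-backup-$(date +%Y%m%d%H%M%S)"
    moved=0
    mkdir -p "$dest" || return 2
    for f in crlcache.db ocspcache.db; do
        if [ -f "$src/$f" ]; then
            mv "$src/$f" "$dest/$f" || return 2
            moved=$((moved + 1))
        fi
    done
    printf '%s\n' "$dest"
    [ "$moved" -gt 0 ]
}

# Step 2 without the GUI: read `security dump-trust-settings` output on stdin
# and print each certificate that carries a per-user SSL trust override.
# Assumes the "Cert N: <name>" / "Policy OID : SSL" layout shown in the sample.
list_ssl_overrides() {
    awk '
        /^Cert [0-9]+: / { sub(/^Cert [0-9]+: /, ""); name = $0; next }
        /Policy OID/ && /:[ \t]*SSL[ \t]*$/ {
            if (!(name in seen)) { seen[name] = 1; print name }
        }
    '
}

# Constructed sample of the dump format (not captured from a real machine).
SAMPLE_TRUST_DUMP='Number of trusted certs = 2
Cert 0: Example Class 3 Root CA
   Number of trust settings : 1
   Trust Setting 0:
      Policy OID            : SSL
      Result Type           : kSecTrustSettingsResultTrustRoot
Cert 1: Example Internal CA
   Number of trust settings : 0'

# Usage on the Mac itself (the backup needs root, the listing runs as your user):
#   sudo sh -c '. ./fix-ssl.sh; backup_crl_caches /var/db/crls /var/root'
#   . ./fix-ssl.sh; security dump-trust-settings | list_ssl_overrides
```

Certificates printed by `list_ssl_overrides` are the ones to reset in Keychain Access as described in step 3; the backup directory can be deleted once certificate validation works again after the restart.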
    Page last modified 11:36, 20 Aug 2014 by khtran
