Invalid certificate warnings behind corporate proxy since 10.7.4

Originator:robin
Number:rdar://11444256 Date Originated:10 March 2012
Status:Open Resolved:No
Product:Mac OS X Product Version:10.7.4
Classification:Bug Reproducible:Yes
 
[ Marked as a duplicate of rdar://11232763 (Open) by Apple. ]

When an HTTP connection is made SSL with e.g. Safari behind a corporate SSL proxy with its own certificate, the actual server certificates are marked as having an invalid issuer.
I have tried with a fresh keychain for my user, and by removing crlcache.db and ocspcache.db as mentioned here: https://discussions.apple.com/message/18382755

• Steps to Reproduce:
Configure an SSL proxy via Network in System Preferences (at work we use a Cisco proxy: "Application and Content Networking System Software 5.5.5").
Open safari and go to mail.google.com.

• Expected Results:
No sheet window, secure connection is made and Safari marks it as such.

• Actual Results:
Sheet window: see attached files.
When I go to mail.google.com I get the 'invalid certificate' sheet: the issuer certifcate 'Thawte SGC CA' is marked as valid, but for the certificate 'mail.google.com' it says: 'This certificate has an invalid issuer'.

• Regression:
New bug since 10.7.4.

Comments


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!