We already had all the crl.* entries. Adding the ocsp.* entries fixed the issue for us.
Thanks! --- Dennis Xu Network Analyst, Computing and Communication Services University of Guelph 5198244120 x 56217 ----- Original Message ----- From: "Don Nightingale" <[email protected]> To: [email protected] Sent: Monday, July 9, 2012 11:29:15 AM Subject: Re: Apple Safari users get certificate warning from CAS server Macs started using ocsp by default in the latest release. The servers used aren't in the default allowed hosts list for the unauthenticated/temp roles. Try adding the ocsp.* host entries for your cert provider in the unauthenticated and temp roles. This cleared up the problem for us (CCA 4.8.2). -- Don On 7/9/2012 11:07 AM, Kelly Slone wrote: > I have noticed the same issue with a new cert we have installed for our guest > wireless implementation of ISE. The "invalid certificate issuer" error is > only seen from clients running 10.7.x Lion that are using Safari. We do not > see this issue on ipads, iphones, windows machines, or other OS X versions > even including the latest developers seed of 10.8 Mountain Lion. > > Thank you, > > Kelly Slone, B.S., MCP > Telecom Specialist II > Marshall University Computing Services > Drinko Library DL 434A > Office: 304-696-6109 > Helpdesk: 304-696-3200 > [email protected]
