Just a "me too" to say that we had to add crl.godaddy.com and ocsp.godaddy.com entries to get our MacOS 10.7.4 users online.
Also, MacOS 10.8 users have to relax their default Gatekeeper settings in order to download the NAC Agent. Those two items got most of our Mac users online during move-in weekend here.

Kurt E. Huenemann
Heidelberg University
Tiffin, Ohio 44883

Do not ever e-mail your password to anyone. CNIT will never ask for your password in an e-mail.

On Mon, Jul 9, 2012 at 1:27 PM, Dennis Xu <[email protected]> wrote:
>
> We already had all the crl.* entries. Adding the ocsp.* entries fixed the
> issue for us.
>
> Thanks!
>
> ---
> Dennis Xu
> Network Analyst, Computing and Communication Services
> University of Guelph
> 5198244120 x 56217
>
> ----- Original Message -----
> From: "Don Nightingale" <[email protected]>
> To: [email protected]
> Sent: Monday, July 9, 2012 11:29:15 AM
> Subject: Re: Apple Safari users get certificate warning from CAS server
>
> Macs started using OCSP by default in the latest release. The servers
> used aren't in the default allowed hosts list for the
> unauthenticated/temp roles.
>
> Try adding the ocsp.* host entries for your cert provider in the
> unauthenticated and temp roles. This cleared up the problem for us (CCA
> 4.8.2).
>
> --
> Don
>
> On 7/9/2012 11:07 AM, Kelly Slone wrote:
> > I have noticed the same issue with a new cert we have installed for our
> > guest wireless implementation of ISE. The "invalid certificate issuer"
> > error is only seen from clients running 10.7.x Lion that are using
> > Safari. We do not see this issue on iPads, iPhones, Windows machines, or
> > other OS X versions even including the latest developers seed of 10.8
> > Mountain Lion.
> >
> > Thank you,
> >
> > Kelly Slone, B.S., MCP
> > Telecom Specialist II
> > Marshall University Computing Services
> > Drinko Library DL 434A
> > Office: 304-696-6109
> > Helpdesk: 304-696-3200
> > [email protected]
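
Added example, not part of the thread: one way to find which revocation hosts a pre-authentication role must allow is to read them from the portal certificate itself. The script parses the text printed by `openssl x509 -noout -text` and reports the OCSP, CA Issuers and CRL hosts that are missing from an allow-list. The certificate excerpt, the `example-ca.test` host names and the exact-hostname matching are constructed assumptions, not values from any poster's deployment.

```python
import re
from urllib.parse import urlsplit

# Constructed excerpt of `openssl x509 -noout -text` output (placeholder hosts).
SAMPLE_X509_TEXT = """
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:cas.example.test
            Authority Information Access:
                OCSP - URI:http://ocsp.example-ca.test/
                CA Issuers - URI:http://certs.example-ca.test/repository/intermediate.crt
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl.example-ca.test/intermediate.crl
    Signature Algorithm: sha256WithRSAEncryption
"""

def revocation_hosts(x509_text):
    """Return {'ocsp': [...], 'ca_issuers': [...], 'crl': [...]} host names."""
    hosts = {"ocsp": set(), "ca_issuers": set(), "crl": set()}
    section = None
    for line in x509_text.splitlines():
        s = line.strip()
        if s.startswith("Authority Information Access"):
            section = "aia"
        elif s.startswith("X509v3 CRL Distribution Points"):
            section = "crl"
        elif s.startswith(("X509v3 ", "Signature Algorithm")):
            section = None  # any other extension ends the section of interest
        m = re.search(r"URI:(\S+)", s)
        if not m or section is None:
            continue
        host = urlsplit(m.group(1)).hostname
        if not host:
            continue  # URI without a host part; nothing to allow-list
        if section == "crl":
            hosts["crl"].add(host)
        elif s.startswith("OCSP"):
            hosts["ocsp"].add(host)
        elif s.startswith("CA Issuers"):
            hosts["ca_issuers"].add(host)
    return {k: sorted(v) for k, v in hosts.items()}

def missing_from_allowlist(x509_text, allowed_hosts):
    """Hosts named by the certificate that the role does not yet allow."""
    allowed = {h.lower() for h in allowed_hosts}
    needed = set().union(*revocation_hosts(x509_text).values())
    return sorted(h for h in needed if h.lower() not in allowed)

if __name__ == "__main__":
    # A role that already allows the CRL host but not the OCSP host.
    print(missing_from_allowlist(SAMPLE_X509_TEXT, ["crl.example-ca.test"]))
```

Run it against the text output for every certificate in the chain the portal serves, since intermediates can name different OCSP and CRL hosts than the leaf.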
