subject:"SSL Certificate Madness \(Rant\)"

Re: SSL Certificate Madness (Rant)

2020-12-28 Thread 'Janina Sajka' via MacVisionaries

Hi All:

This is a note of thanks to the several folks who offered suggestions
for resolving my frustration with Apple Mail. I'm not sure who's
suggestion did the magic, but the issue is now seemingly well resolved.
Sending and recieving mail is working as expected.

As I say, I'm not sure what the exact trigger was that caused my account
to update its SSL data. I rather think accessing my domain web page with
Safari may have actually been that trigger.


In any case this is probably worth a bug report should anyone know where
to file that. Details showed that OS X was aware the old cert had been
revoked, but that didn't seem to be enough to trigger an attempt to check for a 
newer cert as
it should have.

Best,

Janina

'Janina Sajka' via MacVisionaries writes:
> 
> 
> Yes, I need to spout off. If you don't care, stop reading!
> 
> I generally hold my Macs in high regard. But, at times they're downright
> stupid.
> 
> I have a new SSL server certificate on my rednote.net server. It is
> correctly setup, and Linux validation tools find it fully acceptable.
> 
> Thunderbird has no problem using it.
> 
> Android has no problem using it.
> 
> Both of my Macs are stumped. They're still hanging on to the old
> certificate for dear life. If I show details, I can clearly see the old
> certificate. My Mac informs me it's been revoked. No kidding, Sherlock?
> 
> Nor is it sufficient to delete the Internet Account / Mail identity and
> create a new one, because the old certificate is buried in the tangle of
> authentications that's in the Utilities folder, in the Keychain app.
> 
> Growl. I want to bite someone's nose off.
> 
>  
> OK, I guess I feel a bit better now, but I still have the problem.
> 
> Best,
> 
> Janina
> 
> -- 
> 
> Janina Sajka
> https://linkedin.com/in/jsajka
> 
> Linux Foundation Fellow
> Executive Chair, Accessibility Workgroup: http://a11y.org
> 
> The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
> Co-Chair, Accessible Platform Architectures   http://www.w3.org/wai/apa
> 
> -- 
> The following information is important for all members of the Mac Visionaries 
> list.
> 
> If you have any questions or concerns about the running of this list, or if 
> you feel that a member's post is inappropriate, please contact the owners or 
> moderators directly rather than posting on the list itself.
> 
> Your Mac Visionaries list moderator is Mark Taylor.  You can reach mark at:  
> mk...@ucla.edu and your owner is Cara Quinn - you can reach Cara at 
> caraqu...@caraquinn.com
> 
> The archives for this list can be searched at:
> http://www.mail-archive.com/macvisionaries@googlegroups.com/
> --- 
> You received this message because you are subscribed to the Google Groups 
> "MacVisionaries" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to macvisionaries+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/macvisionaries/20201223210247.GA3792%40rednote.net.

-- 

Janina Sajka
https://linkedin.com/in/jsajka

Linux Foundation Fellow
Executive Chair, Accessibility Workgroup:   http://a11y.org

The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
Co-Chair, Accessible Platform Architectures http://www.w3.org/wai/apa

-- 
The following information is important for all members of the Mac Visionaries 
list.

If you have any questions or concerns about the running of this list, or if you 
feel that a member's post is inappropriate, please contact the owners or 
moderators directly rather than posting on the list itself.

Your Mac Visionaries list moderator is Mark Taylor.  You can reach mark at:  
mk...@ucla.edu and your owner is Cara Quinn - you can reach Cara at 
caraqu...@caraquinn.com

The archives for this list can be searched at:
http://www.mail-archive.com/macvisionaries@googlegroups.com/
--- 
You received this message because you are subscribed to the Google Groups 
"MacVisionaries" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to macvisionaries+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/macvisionaries/20201228174427.GA5259%40rednote.net.

Re: SSL Certificate Madness (Rant)

2020-12-24 Thread Jonathan Cohn

Hello,
Jost to add to this, you can sort the certificates by using the table header 
command vo-verticleBar (or in C type languages or bar ). Then vo-space on the 
column you want. I found in my keychain I had an expired certificate for a boss 
that I stopped working for 10 years ago, and his certificate expired in 2010. I 
haven't talked to him in 5 years,. So I deleted that certificate hash from my 
keychain. I still have about 40 expired certificates in my login keychain, 
though I know there are some cases where these might still be useful, so I am 
leaving them alone.

Best wishes,

Jonathan Cohn



> On Dec 23, 2020, at 21:14, 'Jason White' via MacVisionaries 
>  wrote:
> 
> It appears you can delete it using Keychain Access:
> https://smallbusiness.chron.com/delete-untrusted-certificate-mac-56653.html 
> <https://smallbusiness.chron.com/delete-untrusted-certificate-mac-56653.html>
>  
> From: macvisionaries@googlegroups.com 
> <mailto:macvisionaries@googlegroups.com>  <mailto:macvisionaries@googlegroups.com>> On Behalf Of Steve Matzura
> Sent: Wednesday, December 23, 2020 4:47 PM
> To: macvisionaries@googlegroups.com <mailto:macvisionaries@googlegroups.com>
> Subject: Re: SSL Certificate Madness (Rant)
>  
> Maybe this article 
> <https://css-tricks.com/getting-around-revoked-certificate-osx/> can help.
>  
> On 12/23/2020 4:02 PM, 'Janina Sajka' via MacVisionaries wrote:
>> 
>>  
>> Yes, I need to spout off. If you don't care, stop reading!
>>  
>> I generally hold my Macs in high regard. But, at times they're downright
>> stupid.
>>  
>> I have a new SSL server certificate on my rednote.net <http://rednote.net/> 
>> server. It is
>> correctly setup, and Linux validation tools find it fully acceptable.
>>  
>> Thunderbird has no problem using it.
>>  
>> Android has no problem using it.
>>  
>> Both of my Macs are stumped. They're still hanging on to the old
>> certificate for dear life. If I show details, I can clearly see the old
>> certificate. My Mac informs me it's been revoked. No kidding, Sherlock?
>>  
>> Nor is it sufficient to delete the Internet Account / Mail identity and
>> create a new one, because the old certificate is buried in the tangle of
>> authentications that's in the Utilities folder, in the Keychain app.
>>  
>> Growl. I want to bite someone's nose off.
>>  
>> >  
>> OK, I guess I feel a bit better now, but I still have the problem.
>>  
>> Best,
>>  
>> Janina
>>  
> -- 
> The following information is important for all members of the Mac Visionaries 
> list.
>  
> If you have any questions or concerns about the running of this list, or if 
> you feel that a member's post is inappropriate, please contact the owners or 
> moderators directly rather than posting on the list itself.
>  
> Your Mac Visionaries list moderator is Mark Taylor. You can reach mark at: 
> mk...@ucla.edu <mailto:mk...@ucla.edu> and your owner is Cara Quinn - you can 
> reach Cara at caraqu...@caraquinn.com <mailto:caraqu...@caraquinn.com>
>  
> The archives for this list can be searched at:
> http://www.mail-archive.com/macvisionaries@googlegroups.com/ 
> <http://www.mail-archive.com/macvisionaries@googlegroups.com/>
> --- 
> You received this message because you are subscribed to the Google Groups 
> "MacVisionaries" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to macvisionaries+unsubscr...@googlegroups.com 
> <mailto:macvisionaries+unsubscr...@googlegroups.com>.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/macvisionaries/c23cce1f-0583-2a34-a7b1-bd55afde3b05%40noisynotes.com
>  
> <https://groups.google.com/d/msgid/macvisionaries/c23cce1f-0583-2a34-a7b1-bd55afde3b05%40noisynotes.com?utm_medium=email_source=footer>.
> 
> -- 
> The following information is important for all members of the Mac Visionaries 
> list.
>  
> If you have any questions or concerns about the running of this list, or if 
> you feel that a member's post is inappropriate, please contact the owners or 
> moderators directly rather than posting on the list itself.
>  
> Your Mac Visionaries list moderator is Mark Taylor. You can reach mark at:  
> mk...@ucla.edu <mailto:mk...@ucla.edu> and your owner is Cara Quinn - you can 
> reach Cara at caraqu...@caraquinn.com <mailto:caraqu...@caraquinn.com>
>  
> The archives for this list can be searched at:
> http://www.mail-archive.com/macvisionaries@googlegroups.com/ 
> <http://www.mail-archive.com/macvisionaries@googlegroups.co

RE: SSL Certificate Madness (Rant)

2020-12-23 Thread M. Taylor

Hello Janina,  

Believe it or not, this problem came up in the beta of both Big Sur and 
Catalina.  

In fact, it drove me nuts in the early beta of Catalina.

Believe it or not, there is, if memory serves, an easy fix for this.  I think 
my solution was to set up the outgoing mail server, manually; as opposed to 
having the mac automatically configure it.

This can be done but it took me quite a while to find the option.  What I 
remember, mostly, is thinking that manually configuring the outgoing server was 
one of the least intuitive procedures I've ever encountered.  Once I figured it 
out, it was simple but as I sit here, composing this reply, I have no idea how 
to do it.  

What I do remember is that you manually configure the outgoing mail server from 
within the Mac Mail app, itself.  There is no need to delve into the Key Chain 
authentication system.

If you cannot discover a simple fix, reply and I'll see if I can locate the 
solution.

Mark


-Original Message-
From: 'Janina Sajka' via MacVisionaries 
[mailto:macvisionaries@googlegroups.com] 
Sent: Wednesday, December 23, 2020 1:03 PM
To: macvisionaries@googlegroups.com
Subject: SSL Certificate Madness (Rant)



Yes, I need to spout off. If you don't care, stop reading!

I generally hold my Macs in high regard. But, at times they're downright stupid.

I have a new SSL server certificate on my rednote.net server. It is correctly 
setup, and Linux validation tools find it fully acceptable.

Thunderbird has no problem using it.

Android has no problem using it.

Both of my Macs are stumped. They're still hanging on to the old certificate 
for dear life. If I show details, I can clearly see the old certificate. My Mac 
informs me it's been revoked. No kidding, Sherlock?

Nor is it sufficient to delete the Internet Account / Mail identity and create 
a new one, because the old certificate is buried in the tangle of 
authentications that's in the Utilities folder, in the Keychain app.

Growl. I want to bite someone's nose off.

https://linkedin.com/in/jsajka

Linux Foundation Fellow
Executive Chair, Accessibility Workgroup:   http://a11y.org

The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
Co-Chair, Accessible Platform Architectures http://www.w3.org/wai/apa

--
The following information is important for all members of the Mac Visionaries 
list.

If you have any questions or concerns about the running of this list, or if you 
feel that a member's post is inappropriate, please contact the owners or 
moderators directly rather than posting on the list itself.

Your Mac Visionaries list moderator is Mark Taylor.  You can reach mark at:  
mk...@ucla.edu and your owner is Cara Quinn - you can reach Cara at 
caraqu...@caraquinn.com

The archives for this list can be searched at:
http://www.mail-archive.com/macvisionaries@googlegroups.com/
---
You received this message because you are subscribed to the Google Groups 
"MacVisionaries" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to macvisionaries+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/macvisionaries/20201223210247.GA3792%40rednote.net.

-- 
The following information is important for all members of the Mac Visionaries 
list.

If you have any questions or concerns about the running of this list, or if you 
feel that a member's post is inappropriate, please contact the owners or 
moderators directly rather than posting on the list itself.

Your Mac Visionaries list moderator is Mark Taylor.  You can reach mark at:  
mk...@ucla.edu and your owner is Cara Quinn - you can reach Cara at 
caraqu...@caraquinn.com

The archives for this list can be searched at:
http://www.mail-archive.com/macvisionaries@googlegroups.com/
--- 
You received this message because you are subscribed to the Google Groups 
"MacVisionaries" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to macvisionaries+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/macvisionaries/000301d6d9b8%249b795bc0%24d26c1340%24%40edu.

RE: SSL Certificate Madness (Rant)

2020-12-23 Thread 'Jason White' via MacVisionaries

It appears you can delete it using Keychain Access:
https://smallbusiness.chron.com/delete-untrusted-certificate-mac-56653.html

From: macvisionaries@googlegroups.com  On 
Behalf Of Steve Matzura
Sent: Wednesday, December 23, 2020 4:47 PM
To: macvisionaries@googlegroups.com
Subject: Re: SSL Certificate Madness (Rant)

Maybe this article 
<https://css-tricks.com/getting-around-revoked-certificate-osx/>  can help.

On 12/23/2020 4:02 PM, 'Janina Sajka' via MacVisionaries wrote:

Yes, I need to spout off. If you don't care, stop reading!

I generally hold my Macs in high regard. But, at times they're downright
stupid.

I have a new SSL server certificate on my rednote.net server. It is
correctly setup, and Linux validation tools find it fully acceptable.

Thunderbird has no problem using it.

Android has no problem using it.

Both of my Macs are stumped. They're still hanging on to the old
certificate for dear life. If I show details, I can clearly see the old
certificate. My Mac informs me it's been revoked. No kidding, Sherlock?

Nor is it sufficient to delete the Internet Account / Mail identity and
create a new one, because the old certificate is buried in the tangle of
authentications that's in the Utilities folder, in the Keychain app.

Growl. I want to bite someone's nose off.

http://www.mail-archive.com/macvisionaries@googlegroups.com/
--- 
You received this message because you are subscribed to the Google Groups 
"MacVisionaries" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to macvisionaries+unsubscr...@googlegroups.com 
<mailto:macvisionaries+unsubscr...@googlegroups.com> .
To view this discussion on the web visit 
https://groups.google.com/d/msgid/macvisionaries/c23cce1f-0583-2a34-a7b1-bd55afde3b05%40noisynotes.com

<https://groups.google.com/d/msgid/macvisionaries/c23cce1f-0583-2a34-a7b1-bd55afde3b05%40noisynotes.com?utm_medium=email_source=footer>
 .

-- 
The following information is important for all members of the Mac Visionaries 
list.

If you have any questions or concerns about the running of this list, or if you 
feel that a member's post is inappropriate, please contact the owners or 
moderators directly rather than posting on the list itself.

Your Mac Visionaries list moderator is Mark Taylor.  You can reach mark at:  
mk...@ucla.edu and your owner is Cara Quinn - you can reach Cara at 
caraqu...@caraquinn.com

The archives for this list can be searched at:
http://www.mail-archive.com/macvisionaries@googlegroups.com/
--- 
You received this message because you are subscribed to the Google Groups 
"MacVisionaries" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to macvisionaries+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/macvisionaries/003101d6d99a%2485546560%248ffd3020%24%40jasonjgw.net.

Re: SSL Certificate Madness (Rant)

2020-12-23 Thread Steve Matzura

Maybe this article 
 can help.



On 12/23/2020 4:02 PM, 'Janina Sajka' via MacVisionaries wrote:



Yes, I need to spout off. If you don't care, stop reading!

I generally hold my Macs in high regard. But, at times they're downright
stupid.

I have a new SSL server certificate on my rednote.net server. It is
correctly setup, and Linux validation tools find it fully acceptable.

Thunderbird has no problem using it.

Android has no problem using it.

Both of my Macs are stumped. They're still hanging on to the old
certificate for dear life. If I show details, I can clearly see the old
certificate. My Mac informs me it's been revoked. No kidding, Sherlock?

Nor is it sufficient to delete the Internet Account / Mail identity and
create a new one, because the old certificate is buried in the tangle of
authentications that's in the Utilities folder, in the Keychain app.

Growl. I want to bite someone's nose off.



--
The following information is important for all members of the Mac Visionaries 
list.

If you have any questions or concerns about the running of this list, or if you 
feel that a member's post is inappropriate, please contact the owners or 
moderators directly rather than posting on the list itself.

Your Mac Visionaries list moderator is Mark Taylor.  You can reach mark at:  
mk...@ucla.edu and your owner is Cara Quinn - you can reach Cara at 
caraqu...@caraquinn.com

The archives for this list can be searched at:
http://www.mail-archive.com/macvisionaries@googlegroups.com/
--- 
You received this message because you are subscribed to the Google Groups "MacVisionaries" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to macvisionaries+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/macvisionaries/c23cce1f-0583-2a34-a7b1-bd55afde3b05%40noisynotes.com.

SSL Certificate Madness (Rant)

2020-12-23 Thread 'Janina Sajka' via MacVisionaries



Yes, I need to spout off. If you don't care, stop reading!

I generally hold my Macs in high regard. But, at times they're downright
stupid.

I have a new SSL server certificate on my rednote.net server. It is
correctly setup, and Linux validation tools find it fully acceptable.

Thunderbird has no problem using it.

Android has no problem using it.

Both of my Macs are stumped. They're still hanging on to the old
certificate for dear life. If I show details, I can clearly see the old
certificate. My Mac informs me it's been revoked. No kidding, Sherlock?

Nor is it sufficient to delete the Internet Account / Mail identity and
create a new one, because the old certificate is buried in the tangle of
authentications that's in the Utilities folder, in the Keychain app.

Growl. I want to bite someone's nose off.

https://linkedin.com/in/jsajka

Linux Foundation Fellow
Executive Chair, Accessibility Workgroup:   http://a11y.org

The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
Co-Chair, Accessible Platform Architectures http://www.w3.org/wai/apa

-- 
The following information is important for all members of the Mac Visionaries 
list.

If you have any questions or concerns about the running of this list, or if you 
feel that a member's post is inappropriate, please contact the owners or 
moderators directly rather than posting on the list itself.

Your Mac Visionaries list moderator is Mark Taylor.  You can reach mark at:  
mk...@ucla.edu and your owner is Cara Quinn - you can reach Cara at 
caraqu...@caraquinn.com

The archives for this list can be searched at:
http://www.mail-archive.com/macvisionaries@googlegroups.com/
--- 
You received this message because you are subscribed to the Google Groups 
"MacVisionaries" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to macvisionaries+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/macvisionaries/20201223210247.GA3792%40rednote.net.

Re: SSL Certificate Madness (Rant)

Re: SSL Certificate Madness (Rant)

RE: SSL Certificate Madness (Rant)

RE: SSL Certificate Madness (Rant)

Re: SSL Certificate Madness (Rant)

SSL Certificate Madness (Rant)

6 matches

Site Navigation

Mail list logo

Footer information