I have had numerous problems with getting PKI certificates to work properly on my MBP. My issue is that I am using PKard to install US government PKI certificates from a CAC onto my Mac - I use both a MBP (late 2012) and an iMac (mid 2011). Up until a couple of weeks ago, I had no issues. Both Macs are running the latest software updates from Apple.
But now my access to certain PKI-enabled MS SharePoint sites is failing. Not blocked - Safari just tells me that the secure connection has failed. I access multiple PKI-enabled MS SharePoint sites, they are each controlled by separate domains. And it is only one MS SharePoint site that fails to establish a secure connection, the other loads without any issues. To make matters even more confusing, this is only happening on my MBP, access to PKI-enabled MS SharePoint sites from this one domain is working just fine on my iMac.
I did get a new CAC at roughly the same time as the problems were occurring. But in the past this has never presented itself as a problem - I automatically delete my PKI certificates from Keychain Access and then reload them using the PKard Assistant (see below). I am sure I am missing something with this - but I am at a loss as to explain what it is exactly as I can still access this particular domain's PKI-enabled MS SharePoint sites from my iMac.
Both Macs access the Internet via my home wi-fi. I tried accessing the Internet via a hard line to the modem (CAT5 cable) with both Macs, the problem repeats itself. I also access the Internet on occasion via a tethered connection to my iPhone 6s Plus. The problem repeats itself there as well (I did test this by tethering both my MBP and iMac).
- I don't think this is due to Apple pushing some sort of security update - as I can access the PKI-enabled MS SharePoint site on my iMac. This would be a possibility if it was occurring on both Macs. Same goes on the SharePoint side - I have spoken (via email) to the admins for the site I am having issues accessing, there is nothing wrong with my permissions. Also, my PKI certificates work fine with Outlook Web Access (OWA).
- I have added the specific domain to ClicktoPlugin and Ghostery. I have also tried disabling them entirely as well, neither worked (ClicktoPlugin should not be interfering, but I figured why not try this).
- I have disabled GlimmerBlocker entirely. This had no effect.
- I have created a rule to allow all connections from the domain in Little Snitch, as well as disabling it entirely. This had no effect.
- I disabled IPv6 via the Terminal, for both Ethernet and Wi-Fi. This had no effect.
- I disabled each component of Intego VirusBundle X8, and also uninstalled it completely. This had no effect.
- I have deleted and reloaded my PKI certificates from my CAC using PKard. This had no effect.
- I have turned off and turned back on the Mac Firewall. This had no effect.
- I have deleted all Safari security preference files (~/Library/Preferences/). This had no effect.
- I followed a recommendation in this thread (Link to this post) about setting certain certificates to not trusted, trusted, system defaults, nothing worked. I also did this for my US government PKI certificates, same failure to establish a secure connection.
Any help would be appreciated. I use my MBP for work (I don't always have access to a US government computer), and need only to access OWA and MS SharePoint sites. It is a pain to have to drive home (1/2 hour drive) just to send an email or update a SharePoint site.
UPDATE: From the following post: [Link to this post]. Was asked to delete the Cache.db file at ~/Library/Caches/com.apple.Safari/Cache.db, this didn't work. Was also asked to go to Safari > Preferences, select the Privacy tab, then click the Remove All Website Data button. This also didn't work.
UPDATE: Never did solve the problem. But I was able to get Chrome (the SRWare Iron browser) to load the page. Still irritated that the SharePoint sites from this one domain load properly in Safari on one Mac and not the other. Oh well.
MacBook Pro, OS X El Capitan (10.11.4)
But now my access to certain PKI-enabled MS SharePoint sites is failing. Not blocked - Safari just tells me that the secure connection has failed. I access multiple PKI-enabled MS SharePoint sites, they are each controlled by separate domains. And it is only one MS SharePoint site that fails to establish a secure connection, the other loads without any issues. To make matters even more confusing, this is only happening on my MBP, access to PKI-enabled MS SharePoint sites from this one domain is working just fine on my iMac.
I did get a new CAC at roughly the same time as the problems were occurring. But in the past this has never presented itself as a problem - I automatically delete my PKI certificates from Keychain Access and then reload them using the PKard Assistant (see below). I am sure I am missing something with this - but I am at a loss as to explain what it is exactly as I can still access this particular domain's PKI-enabled MS SharePoint sites from my iMac.
Both Macs access the Internet via my home wi-fi. I tried accessing the Internet via a hard line to the modem (CAT5 cable) with both Macs, the problem repeats itself. I also access the Internet on occasion via a tethered connection to my iPhone 6s Plus. The problem repeats itself there as well (I did test this by tethering both my MBP and iMac).
- I don't think this is due to Apple pushing some sort of security update - as I can access the PKI-enabled MS SharePoint site on my iMac. This would be a possibility if it was occurring on both Macs. Same goes on the SharePoint side - I have spoken (via email) to the admins for the site I am having issues accessing, there is nothing wrong with my permissions. Also, my PKI certificates work fine with Outlook Web Access (OWA).
- I have added the specific domain to ClicktoPlugin and Ghostery. I have also tried disabling them entirely as well, neither worked (ClicktoPlugin should not be interfering, but I figured why not try this).
- I have disabled GlimmerBlocker entirely. This had no effect.
- I have created a rule to allow all connections from the domain in Little Snitch, as well as disabling it entirely. This had no effect.
- I disabled IPv6 via the Terminal, for both Ethernet and Wi-Fi. This had no effect.
- I disabled each component of Intego VirusBundle X8, and also uninstalled it completely. This had no effect.
- I have deleted and reloaded my PKI certificates from my CAC using PKard. This had no effect.
- I have turned off and turned back on the Mac Firewall. This had no effect.
- I have deleted all Safari security preference files (~/Library/Preferences/). This had no effect.
- I followed a recommendation in this thread (Link to this post) about setting certain certificates to not trusted, trusted, system defaults, nothing worked. I also did this for my US government PKI certificates, same failure to establish a secure connection.
Any help would be appreciated. I use my MBP for work (I don't always have access to a US government computer), and need only to access OWA and MS SharePoint sites. It is a pain to have to drive home (1/2 hour drive) just to send an email or update a SharePoint site.
UPDATE: From the following post: [Link to this post]. Was asked to delete the Cache.db file at ~/Library/Caches/com.apple.Safari/Cache.db, this didn't work. Was also asked to go to Safari > Preferences, select the Privacy tab, then click the Remove All Website Data button. This also didn't work.
UPDATE: Never did solve the problem. But I was able to get Chrome (the SRWare Iron browser) to load the page. Still irritated that the SharePoint sites from this one domain load properly in Safari on one Mac and not the other. Oh well.
MacBook Pro, OS X El Capitan (10.11.4)
Last edited: