I'm scratching my head trying to resolve a certificate-related issue on Big Sur, and am hoping someone has a suggestion here on something to try.
Issue: The certificate for a website that I need to access (public site, but not relevant to this issue) was signed by an intermediate CA which was later revoked. The root CA is still good. Safari (macOS?) is somehow caching the site certificate and revoked intermediate, even though Keychain Assistant has no reference to the intermediary certificate, I've emptied my cache from the Develop menu in Safari, and I've even done a "crlrefresh rp" and rebooted several times.
If I visit the same site from another device, or another account on the same Mac, it works fine - a new intermediate certificate is used and everything connects fine.
So whatever the issue is is contained within my user account, but I'm at a total loss to figure out where, and what needs to be erased or refreshed.
Firefox works fine; Chrome and Chromium-based (Brave, Vivaldi) browsers also fail, so presumably they are getting their certificate data from the same location.
Pulling the raw certificate via openssl also returns the correct information, so whatever this is is just Safari or something within macOS.
Anyone know where I should be looking?