Can’t connect to SSL Websites? Blame that WiFi login page…

My issues earlier with 1Password were more deeply rooting in a 10.7.2 bug that prevents users from establishing a connection over SSL (SSL connections would timeout) after an attempting to access the web via a connection that uses a captive portal (Like the one at the airport, a hotel, or your local coffee shop).

More details on this one here: http://superuser.com/questions/349740/mac-os-x-lion-10-7-2-update-breaks-ssl

10.7.2 introduced a security patch that addressed the “Security Captive Portal Hijacking” hacks that were emerging. Part of the “fix” involves verifying certificate status using OCSP (Online Certificate Status Protocol) and/or a CRL (Certificate Revocation List). The problem there is that when you’re actually trying to access the web via a captive portal, typically all SSL requests are sent to the portal’s server, including those used to verify the SSL certificates. This results in a bit of an infinite loop;  you get a corrupted keychain, and cannot load SSL websites anymore even after ditching the “problematic” connection.

Until Apple provides an update, here’s he fix: Disable your web connection and reboot. This will repair your keychain. (I opened Keychain access and removed the “unknown” cert from my login keychain as well, after rebooting). Then re-enable your connection and you should be back in business (Ideally connect to a network that doesn’t use a portal now!)