10.8/10.9 Security Update 2015-004 & broken SSL.

After updating a couple of 10.8 Macs with Security Update 2015-004, we observed problems with iTunes and App Store. Attempting to update apps in iTunes yielded messages like this:

[Screenshot of the error message, 2015-04-15]

It took some digging, but we stumbled onto this post, which suggested that it may be a problem with VeriSign SSL certificates.

When we opened the login keychain, we found two “VeriSign Class 3 Public Primary Certification Authority – G5” certificates. The cert expiring in 2036, with a serial number beginning 18 DA D1, is the certificate you want to keep.

Removing the other certificate immediately resolved the issue.
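The keychain check described above, as an added example (not part of the original post): a read-only script that lists every matching certificate in the login keychain and marks the copy that meets the post's two criteria. The keychain path, the ASCII hyphen in the certificate name (the post shows a typographic dash), and the function names are assumptions.

```shell
#!/bin/sh
# Added example: read-only audit of the duplicate root described in the post.
# Assumptions: ASCII hyphen in the certificate name, default login keychain path.
CERT_NAME='VeriSign Class 3 Public Primary Certification Authority - G5'
KEEP_SERIAL_PREFIX='18DAD1'  # post: serial number begins 18 DA D1
KEEP_EXPIRY_YEAR='2036'      # post: the copy to keep expires in 2036

# classify SERIAL NOT_AFTER -> prints KEEP when both of the post's criteria match,
# otherwise REVIEW. SERIAL may contain spaces, colons, or lower-case hex.
classify() {
    serial=$(printf '%s' "$1" | tr -d ' :' | tr 'a-f' 'A-F')
    case "$serial" in
        "$KEEP_SERIAL_PREFIX"*) ;;
        *) echo REVIEW; return 0 ;;
    esac
    case "$2" in
        *" $KEEP_EXPIRY_YEAR "*) echo KEEP ;;   # openssl form: "Mon DD HH:MM:SS YYYY GMT"
        *) echo REVIEW ;;
    esac
}

# audit_keychain [KEYCHAIN] -> one line per matching certificate; changes nothing.
audit_keychain() {
    keychain=${1:-$HOME/Library/Keychains/login.keychain}
    tmp=$(mktemp -d /tmp/certaudit.XXXXXX) || return 1
    # -a: all matches, -c: match on common name, -p: PEM output
    security find-certificate -a -c "$CERT_NAME" -p "$keychain" |
        awk -v d="$tmp" '/BEGIN CERTIFICATE/ { n++ } n { print > (d "/cert" n ".pem") }'
    for pem in "$tmp"/cert*.pem; do
        [ -f "$pem" ] || continue
        serial=$(openssl x509 -in "$pem" -noout -serial | cut -d= -f2)
        not_after=$(openssl x509 -in "$pem" -noout -enddate | cut -d= -f2)
        sha1=$(openssl x509 -in "$pem" -noout -fingerprint -sha1 | cut -d= -f2)
        printf '%s\tserial=%s\tnotAfter=%s\tsha1=%s\n' \
            "$(classify "$serial" "$not_after")" "$serial" "$not_after" "$sha1"
    done
    rm -rf "$tmp"
}

# Run the audit only where the macOS `security` tool exists.
if command -v security >/dev/null 2>&1; then
    audit_keychain "$@"
fi
```

Pass a different keychain path as the first argument to audit another keychain. The script only reports; removing a copy marked REVIEW is left to Keychain Access, as in the post.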

On affected Macs, problems also appear in Safari and Chrome. It does seem to be intermittent; we’re not hearing that this is widespread.

On the surface, it appears that this is related to changes Apple made in the certificate trust policy.