Macintosh, Internet Explorer, and SSL Proxy Authentication - May 15, 2004

May 15, 2004 - This applies to many browsers other than later versions of Internet Explorer. If you have problems getting the SSL proxy authentication login menu to come up, go into the browser settings and disable TLS support. A classic symptom would be seeing a message 'Document Contains No Data' on Mozilla. As of May 15, 2004, I only know of a couple of relatively-popular browsers where disabling TLS support does not work (with BorderManager 3.6 and later patched per tip #1 here), and they are Safari on a Mac, and Konqueror on Linux. It may be that both of those browsers will work with later versions of the browser.

Mar. 26, 2003 - If you have applied the BMMACSSL1.EXE patch, and SSL Proxy Authentication still is not working for you, please read the following TID:

http://support.novell.com/cgi-bin/search/searchtid.cgi?/10081413.htm

Mar. 5, 2003: The Macintosh issue with SSL Proxy Authentication described below should now be fixed! Get the BMMACSSL1.EXE patch for BorderManager 3.6 or 3.7 servers. (That patch should be incorporated in the BM37SP2 and later patches. As of this writing, the BM37SP2 patch is in beta, and the Mac SSL fix has not been incorporated). For BorderManager 3.5 or earlier servers, see the notes below, OR try the BMMACSSL1.EXE proxy.nlm and see if it works.

Feb. 26, 2003: A beta version of BorderManager 3.7 service pack 2 is available, and is supposed to have a fix for SSL support with many browsers, including Mac's. Go to http://beta.novell.com, select Public Beta, and then select the Consolidated Support Pack 9. Next, select View Downloads / Updates, and finally you should be at a list that allows you to select BM.ZIP, a beta version of BM37SP2.

Proxy SSL Issue with Mac's

As long as BorderManager 3.x has been available, people have had problems getting Internet Explorer on a Macintosh to work with BorderManager's SSL Proxy Authentication. Until recently, no version of Internet Explorer worked. Since there is no Macintosh equivalent of CLNTRUST, the only choice for a long time was to use Netscape 4.x for the Mac when SSL Proxy Authentication was enabled.

However, Microsoft has come up with a fix, though for some reason you need to call them to get it.

Rick Bosquet was kind enough to post some details on this in the Novell Public Forums.

"I have gotten the patch from M$ for this but you must use IE 5.0. It works very well once the patch is in. You can call them with this hotfix and they will send you download info.

Internet Explorer for Macintosh hangs after receiving redirect from Novell Border Manager.
Hot Fix for Microsoft Knowledge Base article number Q269223"

So, call Microsoft, get the patch, and while you are at it, find out why they don't just make the patch available for download.

Jan. 28, 2002 note: User John Flint in the Novell Public Forums reports that the fix works fine for IE 5.0, but not IE 5.1. (I suggest Mac users press Microsoft for another fix.)

Other Browsers on MAC's - Oct. 8, 2002

Depending on the OS version on the MAC, you will find other browsers which also fail to work with SSL Proxy Authentication on BorderManager. In general, older Netscape browsers worked, but newer browser versions did not, except perhaps when run in classic mode. However, there is hope. I have reposted a forum message below in the hopes that it will help.

"Hoping against hope, I used the information from the following TID:

http://support.novell.com/cgi-bin/search/searchtid.cgi?/10074506.htm

And now have Netscape 7.0 authenticating through SSL on Mac OS 9.1 AND Mac OS 10.1.5. Our BorderManager is currently at 3.6.

The Edit>Preferences...>Privacy∓ Security>SSL and deselect "Enable TLS" works for me.

Just a note for OS X users, I originally tried this on an OS 10.1 machine. Even though the authentication from SSL worked, the browser would have trouble completely loading about half of the links I tried. Did the software update to OS 10.1.5 and thankfully browsing went back to normal. Another surprise, Software Update has never worked right with my OS 9.1 Mac as it could not get through the proxy or filters. Once authenticated, Software Update for OS X works great! Did a great job through BorderManager 3.6."

Return to the Main Page