Can't verify certificate
I've just changed email provider and I'm starting to get the mail can't verify certificate message every time I open up Mail. I remember I had this before but can't for the life of me remember what I did to finally resolve the issue! I've checked the "always trust" checkbox but the certificate message still appears. Please help!
I'm having the same problem, and checking and unchecking the "Always trust..." box. I've even tried closing mail and reopening it. I've tried sending an email from the account to my gmail account, confirming the email has been received, and then closing and reopening Mail. Still I get the "Mail can't verify" message.
I'm NOT using SSL for my mail. HOWEVER, since I have a hosting account, and since my email on that account is IMAP, and since there's special group of emails that I want to access on my cell and laptop too, I created another email address and am making sure that these particular emails are going there.
That means that two email accounts are going to the same mailserver address - mail.[mydomainname].com. The MTP is the same for incoming and outgoing.
I've repaired permissions. I've even attempted to throw away my plist, but that will be a nightmare of epic proportions, since getting rid of the plist means that all my accounts and mailboxes are gone and I'd have to recreate everything.
This is a fairly new issue.
Can anyone help Alan and me?
Similar Messages
-
I Have tried everything and it still won't let me open anything in Safari. I have reset the Mac and router. It's just not working.
This could be a complicated problem to solve, as there are several possible causes for it.
Back up all data, then take each of the following steps that you haven't already taken. Stop when the problem is resolved.
Step 1
From the menu bar, select
▹ System Preferences... ▹ Date & Time
Select the Time Zone tab in the preference pane that opens and check that the time zone matches your location. Then select the Date & Time tab. Check that the data and time shown (including the year) are correct, and correct them if not.
Check the box marked
Set date and time automatically
if it's not already checked, and select one of the Apple time servers from the menu next to it.
Step 2
Start up in safe mode and log in to the account with the problem.
Note: If FileVault is enabled in OS X 10.9 or earlier, or if a firmware password is set, or if the startup volume is a software RAID, you can’t do this. Ask for further instructions.
Safe mode is much slower to start up and run than normal, with limited graphics performance, and some things won’t work at all, including sound output and Wi-Fi on certain models. The next normal startup may also be somewhat slow.
The login screen appears even if you usually login automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.
If the problem is not reproducible in safe mode, then it's caused by third-party "anti-virus" or "security" software. If you know what that software is, remove it as directed by the developer after backing up all data. If you don't know what it is, ask for instructions.
Step 3
Triple-click anywhere in the line below on this page to select it:
/System/Library/Keychains/SystemCACertificates.keychain
Right-click or control-click the highlighted line and select
Services ▹ Show Info
from the contextual menu.* An Info dialog should open. The dialog should show "You can only read" in the Sharing & Permissions section.
Repeat with this line:
/System/Library/Keychains/SystemRootCertificates.keychain
If instead of the Info dialog, you get a message that either file can't be found, reinstall OS X.
*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. Open a TextEdit window and paste into it by pressing command-V. Select the line you just pasted and continue as above.
Step 4
Launch the Keychain Access application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad and start typing the name.
In the upper left corner of the window, you should see a list headed Keychains. If not, click the button in the lower left corner that looks like a triangle inside a square.
In the Keychains list, there should be items named System and System Roots. If not, select
File ▹ Add Keychain
from the menu bar and add the following items:
/Library/Keychains/System.keychain
/System/Library/Keychains/SystemRootCertificates.keychain
Open the View menu in the menu bar. If one of the items in the menu is
Show Expired Certificates
select it. Otherwise it will show
Hide Expired Certificates
which is what you want.
From the Category list in the lower left corner of the window, select Certificates. Look carefully at the list of certificates in the right side of the window. If any of them has a blue-and-white plus sign or a red "X" in the icon, double-click it. An inspection window will open. Click the disclosure triangle labeled Trust to disclose the trust settings for the certificate. From the menu labeled
Secure Sockets Layer (SSL)
select
no value specified
Close the inspection window. You'll be prompted for your administrator password to update the settings.
Now open the same inspection window again, and select
When using this certificate: Use System Defaults
Save the change in the same way as before.
Revert all the certificates with non-default trust settings. Never again change any of those settings.
Step 5
Select My Certificates from the Category list. From the list of certificates shown, delete any that are marked with a red X as expired or invalid.
Export all remaining certificates, delete them from the keychain, and reimport. For instructions, select
Help ▹ Keychain Access Help
from the menu bar and search for the term "export" in the help window. Export each certificate as an individual file; don't combine them into one big file.
Step 6
From the menu bar, select
Keychain Access ▹ Preferences... ▹ Certificates
There are three menus in the window. Change the selection in the top two to Best attempt, and in the bottom one to CRL.
Step 7
Triple-click anywhere in the line of text below on this page to select it:
/var/db/crls
Copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
A folder named "crls" should open. Move all the files in that folder to the Trash. You’ll be prompted for your administrator login password.
Restart the computer, empty the Trash, and test.
Step 8
Triple-click anywhere in the line below on this page to select it:
open -e /etc/hosts
Copy the selected text to the Clipboard by pressing the key combination command-C.
Launch the built-in Terminal application in the same way you launched Keychain Access.
Paste into the Terminal window by pressing command-V. I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting. A TextEdit window should open. At the top of the window, you should see this:
# Host Database
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
If that's not what you see, post the contents of the window. -
We upgraded Lync Server 2010 to Lync 2013.
Users are able to login on desktop clients but unable to connect on mobile client. We get following error message:
Can't verify the certificate from the server.
Please contact your support teamPlease check the Root CA is installed on your mobile device.
Can you sign in externally?
Please check you have updated the DNS records for Lync mobile autodiscover service.
Lisa Zheng
TechNet Community Support -
Safari can't verify website certificates: constant pop-ups
Suddenly, every web page/url I try to navigate to gets me a drop-down warning that states "Safari can't verify ..." etc. Often, these warning relate to websites or addresses unrelated to my attempt. (E.G., I tried to get to my google calendar", but got a warning asking if I still wanted to connect to a youtube site.) This just started happening and is now constant. Any ideas?
Read this whole message before doing anything.
Back up all data. Quit the App Store application if it’s running. Test after each of the following steps until the problem is resolved.
Step 1
Triple-click the line below to select it:
/Library/Updates
Right-click or control-click the highlighted line and select
Services ▹ Reveal
from the contextual menu. A Finder window should open with a folder selected. Move the contents of the selected folder to the Trash. You may be prompted for your administrator password.
Step 2
Do as in Step 1 with this line:
/Library/Preferences/com.apple.SoftwareUpdate.plist
If there's no change, quit the App Store and restore the file you moved from your backup, overwriting the one that may have been created in its place. Otherwise, recreate your settings in the Software Update preference pane.
Step 3
Hold down the option key and select
Go ▹ Library
from the Finder menu bar. Move the following items from the Library folder to the Trash (some may not exist):
Caches/com.apple.SoftwareUpdate
Preferences/com.apple.SoftwareUpdate.plist
Preferences/ByHost/com.apple.SoftwareUpdate.*.plist
Saved Application State/com.apple.SoftwareUpdate.savedState
Here, "*" stand for a long string of letters, numbers, and dashes.
Step 4
If you still have problems, quit the App Store again.
Triple-click anywhere in the line below to select it:
rm -fr $TMPDIR../C/com.apple.SoftwareUpdate
Copy the selected text to the Clipboard (command-C).
Launch the Terminal application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
Paste into the Terminal window (command-V). Wait for a new line ending in a dollar sign (“$”) to appear, then quit Terminal. -
Hello. Just upgraded to OS X Mavericks v 10.9.1. Now I keep getting "safari can't verify the identity of the website" error. I looked for other updates, but none are available. Am I doing something wrong? Didn't do this before the upgrade, now I can't seem to log into anything through safari.
Most websites are checked to make sure they do not contain viruses or that they are properly encrypted. If safari cannot identify a website's ceritificate, check if other browers do the same thing (make sure they are up to date browsers), if they all say it cannot be verified, then the site was probably hijacked and you should run a full scan of your computer for viruses, unless the page was blocked by safari and redirected to something that said fraudulent webstie detected.
-
Safari keeps dropping down this error message when ever i try to log on to any website safai can't verify the identity of the website ( e.g.. any address ) and the drop down has three choices to click on or else you can't go foward., they are check certificate ______ cancel ______ continue.... This thing is so annoying when trying to go somewhere i just want the error message to go away.
In your Keychain under 'login' delete the VeriSign certificates and then quit and restart all browsers/itunes/app store.
http://apple.stackexchange.com/questions/180570/invalid-certificate-after-securi ty-update-2015-004-in-mavericks -
Safari can't verify the identity of the website.........
So yesterday I removed one stick of memory and added another (larger) stick of memory. This is the only thing I have done latly. I had surfed the net after changing ram and nothing seemed wrong. Today when I go to log in to my e-mail I get the warning that "Safari cant verify the identity of the website........" Found it a little odd. I went to another website where I am always logged in however this time I wasn't. When I clicked on the login button the safari warning appeared again. I checked two other sites that I frequent and am always logged into except now I'm not. It even appeared when I logged in to post this queston. Is this something to worrie about? Is there an virus or spyware I could have picked up somewhere? Is this a security issue? what's the problem? This is just too weird and I'm a little paranoid anyways.
Hello Linc,
April 13, 2015
For years you've been a most valuable asset to me here at Apple.Com.
I REALLY wish I could speak with you on the phone, because this is a little heavy.
But for now I am TRYING to find the instructions/article that appears when you click the question mark "?".... that appears at the bottom of the drop down message which reads as follows....To see an image of it...the scroll halfway down and someone named WildBill posted an image of the drop down that is associated with the subject of this thread.....One of the 2 links below will show you a picture of the drop down and question mark.
FIX for: "Safari can't verify the identity of the website" - certificate not valid
Below is something that may or not be relative....but I just wanted you to see a photo of the drop down warning,...I think the one ABOVE is the one....the one below I'm not sure.....I am so tired right now.
https://discussions.apple.com/thread/6983714?start=15&tstart=0
Below is an article apple sent me but this is not what I was looking for
OS X: Keychain Access asks for keychain "login" after changing login password - Apple Support
There is a question mark that when you click on it sends you to an article/instructions on the side telling you what to do, but since I no longer get this pop up I can't find THAT article/instructions.
I'm pretty sure the headline of the article read something like this.
"What to do if Safari can't verify a security certificate as valid".....something like that.
The reason I need to see those instructions again is I need to retrace my steps to make sure I didn't make a mistake when I was in Keychain Access.
I called Apple and they didn't seemed interested in helping me.
Perhaps you can.
Thanks Linc,
Apple Dreamer
P.S....How do I know if you respond to this?.....Should of I left my phone number or email address? -
Safari can't verify the identity of website. What to do?
I am getting a "certificate invalid" message using Safari on a number of sites, including my bank, Apple iTunes, insurance company, and many others. The message is: "Safari can't verify the identity of the website (then the specific site is named)". I have spoken with my bank and they say it is an issue with Safari and I should try another browser. I tried Firefox and the connection to the sites is perfect, no issues or warnings at all. What is wrong with Safariu and what, other than stop using it, can be done to correct the certificate issue?
Back up all data.
Unlock the Network preference pane, if necessary, by clicking the lock icon in the lower left corner and entering your password. Cllck Advanced, open the DNS tab, and change the server addresses to the following:
8.8.8.8
8.8.4.4
That's Google DNS. Click OK, then Apply.
In Safari, select
Safari ▹ Preferences... ▹ Privacy ▹ Remove All Website Data
and confirm. If you’re using another browser, empty the cache. Test. Any difference?
Notes:
1. If you lose Internet access after making the above change to your network settings, delete the Google servers in the Network preference pane, then select the TCP/IP tab and click Renew DHCP Lease. That should restore the original DNS settings; otherwise restore them yourself. Remember that you must click Apply in order for any changes to take effect.
2. I don't use Google DNS myself, though I have tested it, and I'm not recommending it or any other DNS provider; the server addresses are offered merely for testing purposes. There may be privacy and technical issues involved in using that service, which you should investigate personally before you decide whether to keep the settings. Other public DNS services exist. -
Verify certificate using Bouncycastle (J2ME)
Good evening. I have a problem.. I'm trying to verify certificate but signatures doesn't match!!!
byte[] cert_decoded = Base64.decode(pem_cert);
ASN1InputStream ais = new ASN1InputStream(cert_decoded);
DERObject obj = ais.readObject();
ASN1Sequence seq = (ASN1Sequence)obj;
ais.close();
X509CertificateStructure cert = new X509CertificateStructure(seq);
// getting certificate signature
byte[] signature = cert.getSignature().getBytes();
// trying to get "to be signed" structure
TBSCertificateStructure tbs = cert.getTBSCertificate();
// is it correct? trying to get bytes array of TBS..
byte[] tbs_byte = tbs.getEncoded();
RSAEngine engine = new RSAEngine();
// Is it correct? Cert uses "RSAwithSHA1"..
SHA1Digest digest = new SHA1Digest();
// Public key i'v got before from signing CA cert...
PSSSigner signer = new PSSSigner(engine, digest, 0);
signer.init(false, pub);
signer.update(tbs_byte, 0, tbs_byte.length);
boolean istrue = signer.verifySignature(signature);
In all cases i'm getting FALSE 8( what's wrong, please help! 8(
I tried to sign TBS data using CA's private key but signatures doesn't match anyway...I found example code here: http://www-128.ibm.com/developerworks/library/j-midpds.html
Below is that code pieced together with some minor fixes (seems they
had outdated calls to verifySignature() and generateSignature()).
This program runs and returns true for me. Maybe this can
help you figure out what's going on with your code...
import java.math.BigInteger;
import java.security.SecureRandom;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
import org.bouncycastle.crypto.signers.PSSSigner;
import org.bouncycastle.util.encoders.Base64;
public class RSASigBCLW {
private static BigInteger pubExp = new BigInteger("11", 16);
private static RSAPrivateCrtKeyParameters privKey;
private static RSAKeyParameters pubKey;
public static void main(String[] args) {
try {
_main(args);
} catch (Exception e) {
System.out.println("ERROR: " + e.getMessage());
* @param args
public static void _main(String[] args) throws Exception {
SecureRandom sr = new SecureRandom();
RSAKeyGenerationParameters RSAKeyGenPara = new RSAKeyGenerationParameters(
pubExp, sr, 1024, 80);
RSAKeyPairGenerator RSAKeyPairGen = new RSAKeyPairGenerator();
RSAKeyPairGen.init(RSAKeyGenPara);
AsymmetricCipherKeyPair keyPair = RSAKeyPairGen.generateKeyPair();
privKey = (RSAPrivateCrtKeyParameters) keyPair.getPrivate();
pubKey = (RSAKeyParameters) keyPair.getPublic();
String message = "this is a test message.";
String signature = getSignature(message);
boolean b = verify(message, signature, getMod(), getPubExp());
System.out.println("verify? =" + b);
// Public key specific parameter.
public static String getMod() throws Exception {
return (new String(Base64.encode(pubKey.getModulus().toByteArray())));
// General key parameter. pubExp is the same as pubKey.getExponent()
public static String getPubExp() throws Exception {
return (new String(Base64.encode(pubExp.toByteArray())));
static public String getSignature(String mesg) throws Exception {
SHA1Digest digEng = new SHA1Digest();
RSAEngine rsaEng = new RSAEngine();
PSSSigner signer = new PSSSigner(rsaEng, digEng, 64);
signer.init(true, privKey);
byte[] mbytes = mesg.getBytes();
signer.update(mbytes, 0, mbytes.length);
byte[] sig = signer.generateSignature();
String result = new String(Base64.encode(sig));
return result;
static public boolean verify(String mesg, String signature, String mod, String pubExp) {
BigInteger modulus = new BigInteger(Base64.decode(mod));
BigInteger exponent = new BigInteger(Base64.decode(pubExp));
SHA1Digest digEng = new SHA1Digest();
RSAEngine rsaEng = new RSAEngine();
RSAKeyParameters pubKey = new RSAKeyParameters(false, modulus, exponent);
PSSSigner signer = new PSSSigner(rsaEng, digEng, 64);
signer.init(false, pubKey);
byte[] mbytes = mesg.getBytes();
signer.update(mbytes, 0, mbytes.length);
boolean res = signer.verifySignature(Base64.decode(signature));
return res;
} -
MAC OS X 10.6.8 (safari can not verify website)
Hi
For past few days i am having problem when i try to visit any website it show a massage "safari can not identify the address of the website www..... then below he message is "The certficate of this website is invalid". this message is coming up on all the website
thank you for your helpRunning the combo updater should fix this for you. It should update the certificate that is out of date that is at the root cause of the problem.
You posted in the Snow Leopard forum so here is the link for Snow Leopard combo. Check under the Apple in the Menu bar > About this Mac to verify you are on 10.6
Combo updater: Mac OS X 10.6.8 Update v.1.1 - 1.09 GB
http://support.apple.com/kb/DL1399
If you still see the error after running the combo updater, open Keychain Access in Applications/Utilities.
Under Keychain Access in the Menu bar select run Keychain First Aid (see FIX for: "Safari can't verify the identity of the website" - certificate not valid for more details on running Keychain First Aid to repair certificates) -
"Mail can't verify the identity of" after 10.6.4 update.
So our Exchange 2003 server uses a wildcard certificate so we can protect multiple resources without buying 10 different SSL certs. It's been working perfectly so far, until I updated to 10.6.4. Now I get the following error. I've even deleted the account in Mail.app and re-added and it still won't take the wildcard SSL. The error is:
"Mail can't verify the identity of "mail.xxxxxxxxxxx.net" +(our domain)+ "An SSL error has occurred and a secure connection to the server cannot be made."Great. I've done nothing else and it has resolved itself. I hate when that happens because I can't conclude what the final fix was. I can only guess that accepting the wildcard SSL fixed it since that was the last thing I did.
So, I can only conclude at this point that accepting the SSL and rebooting(?) fixed the issue. -
Verify Certificate when opening Mail
Hi,
I hope someone can help. Every time I open up Mail,on my iMac, I get a "Verify Certificate" dialogue box. With the following message;
"Mail can't verify the identity of mail.me.com.
The certificate for this server is invalid.You might be connecting to a server that is pretending to be"mail.me.com" which could put your confidential information at risk. Do you want to connect to the server anyway?
I click connect and the mail works fine. However, the message reappears every time on opening mail.
I have tried the following,
1. I have opened the certificate and clicked on the "Always trust "mail.me.com" when connecting to "mail.me.com"" but this will be not ticked the next time I open Mail.
2. I have deleted then reopened the account.
3. I have deleted the ByHost file in User/library/preferences.
4. I have used the Keychain access and selected always trust for the certificate. It will not stay selected.
Is there any way I can get rid of this message. It does not occur when opening the account from my MBP.
ThanksGreetings,
If you have the same account(s) setup on your Macbook Pro and it works fine there, I'd say your Mail preferences file is corrupt. So, if you make a copy of the com.apple.mail.plist file on your Macbook Pro and move it to Home/Library/Preferences on the problem Mac (which will overwrite the current file), then restart Mail, it should work fine again. -
Mail repeatedly asks to verify certificate
Hi
Using Mail 3.6 on 10.5.8
When I send from my .me account I am repeatedly ask to verify the recipient, with an oval connect button.
Can I stop mail from asking me this every time?
ASTo Clarify,
"Mail can't verify the identitiy of "smtp.mail.me.com".
The certificate for this serve was signed by an unknown certifying authority. You might be connecting to a server that is pretending to be "smtp.mail.me.com" which could put your confidential information at risk. Would you like to connect to the server anyway?
I get three balloons to chose from, show certificate, cancel, and connect. -
Safari is unable to verify certificate.
Safari is unable to verify certificate. Can someone pls advise how to fix this issue? Im getting an error while trying to access adcbactive.com/Login page.
Many Thanks
Abyabytoaby,
When I attempt to access adcbactive.com I'm getting a "Phishing" warning through the Open Dns servers that I'm using. In fact, Open Dns is blocking me from loading that site. Be careful... -
Verify Certificate Mail blocked
After opening mail verify certificate popped up and will not allow me to connect, cancel, shut down, or restart my macbook air.
Both the connect and cancel buttons are grey and not letting me click them. Also even when I try to close the window or quit mail it will say that I can't.Then no window accepts any clicks, so restart is not possible any more. I have to press the kill-button an the back. Not good at all.
Maybe you are looking for
-
Regarding Alv Grid Totals_text is not Printing
Hi All, I am presently working in Alv Grid dispaly. I need to dispaly Totals_Text = 'Totals'. But this text is not displaying in my output dispaly.i am copying my code here. Code: REPORT ZFTRSERV NO STANDARD PAGE HEADING MESSAGE-ID
-
Photoshop Elements 6.0 - Best How to manuals
Hi, Anyone make a recommendation for a MAC user as to which PS E 6.0 book is best for learning? I had assumed PhotoShop for Dummies, but wanted something that might have had a MAC flair to it instead of Windows. Looking for good reference book Lou
-
Anyone seen this error before? thanks, -sancho An error occurred when attempting to call the providers register function. (WWC-43134) An unexpected error occurred: ORA-29532: Java call terminated by uncaught Java exception: Unexpected EOF. (WWC-43000
-
Running Captivate 8 on a Macbook and I am unable to import Powerpoint 2011 (which is up to date) files or slides. I get an error saying that either the file is damaged or I am using an older version of PP....which is not the case. I tried creating
-
Crashing due to text panel plugin
My cs3 Version 5 Mac Indesign has stated crashing upon opening. I have identified the problem as being the plug-ing "text panel.indesignplugin. When I remove it, the program loads correctly, but of course I then lose the functionality of the text pan