Safari and Intermediate Certificates

Similar Messages

• OS X Safari and Hotmail Certificate Problem

  Hello Apple discussions,I Am having problems accessing part of a microsoft hotmail account which explains below
  I Have a problem with my hotmail Web account Using OS X 10.6.4 Safari 5.0 when I Try adding another email account to my hotmail account where it says: Add an e-mail account on the left side pane of hotmail. when I Click on Add an e-mail account I Get the error message for a Certificate problem: safari cannot verify the identity of the website ¨col0-sec.mail.live.com¨ I Am using OS X 10.6.4 and Safari 5.0. I Have tried using a earlier version of safari but the same problem occurred so I Tried using Google Chrome (most recent) and Opera Browsers for MAC and with no luck, the exact same problem. so I Tried adding an email account using a windows xp machine, it had no problem adding an email account so the problem seems to be OS X problem. It seems to be something wrong with the certificate for validation on the Microsoft website I Think.I Can send a screen shot of the entire message that popped up for the invalid certificate if needed to fix this problem.

  Thought of something else you might try.
  Open Keychain Access (Applications/Utilities) Select "My Certificates" or on the left.
  If you see a Microsoft/Hotmail certificate, double click that. Click the gray disclosure triangle so
  it faces down. Click the pop up menu next to: When using this certificate and set it to: Always Trust.
  Relaunch Safari and try logging into your Hotmail account.
  Carolyn

• CSS11501 and intermediate certificates

  Hi,
  First : we have the following css :
  Product Name: CSS11501S-K9 F0 SW Version: 07.50.1.03
  Version: sg0750103 (07.50.1.03)
  Flash (Locked): 07.50.1.03
  Flash (Operational): 07.50.1.03
  Type: PRIMARY
  Licensed Cmd Set(s): Standard Feature Set
  I was wondering if there is a way to provide intermediate ssl certificates on the css. We used to upload the pem cert and key and this always worked. Recently we have changed to premium ssl certs from verisign and it looks like we will need to provide the intermediate certificate on the css.
  Does anybody know any reference as to how we can do this ?
  Kind regards,
  Ronny

  Hi,
  No need to look, found it on the net.
  Kind regards,
  Ronny

• Third Party Certificate, 802.1X and Intermediate Certificate

  Hi Guys,
  Quick question:
  Have 802.1x setup with Windows Radius Server - Installed a Godaddy certificate which came with an intermediate root certificate. 
  I would like clients to validate the certificate to connect to the 802.1x, - 
  Question: Do i need to rollout the intermediate root certificate to all windows devices - laptops to validate the godaddy certificate thats presented to the wireless clients? The trusted root on the intermediate root certificate is already installed on windows
  desktops.
  THanks

  Hi,
  1. When you deploy 802.1X authenticated wired access that uses smart cards or other digital certificates for client authentication, you must deploy a private CA on your network
  by using AD CS.
  2. Purchasing certificates from a public CA, such as VeriSign, that is already trusted by Windows-based clients. This option is typically recommended for smaller networks.
  Advantages:
  Installing purchased certificates does not require as much specialized knowledge as deploying a private CA on your network, and can be easier to deploy in networks that have
  only a few NPS servers.
  Using purchased certificates can prevent specific security vulnerabilities that can exist if the proper precautions are not taken when deploying a private CA on your network.
  Disadvantages:
  This solution does not scale as well as deploying a private CA on your network. Because you must purchase a certificate for each NPS server, your deployment costs increase
  with each NPS server you deploy.
  Purchased certificates have recurring costs, because you must renew certificates prior to their expiration date.
  The related KB：
  PEAP-MS-CHAP v2-based Authenticated Wireless Access Design
  http://technet.microsoft.com/zh-cn/library/dd348500(v=ws.10).aspx
  EAP-TLS-based Authenticated Wired Access Design
  http://technet.microsoft.com/zh-cn/library/dd378869(v=ws.10).aspx
  Hope this helps.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Uploading of signed certificate Server certificate and Intermediate certifi

  Hello,
  We are implementing SSL for the first time on NW AS JAVA 7.0. I have received signed certificate from the CA.
  It contains Web server certificate and Intermediate certificate.
  I guess we import the Webserver CSR response. I not sure on what is the intermediate certificate and they say it is mandatory.
  Can you please guide.
  Thanks.
  Siddhartha

  Sorry Here,
  Hope I understand this correctly.
  The Comodo Positive SSL is a Web certificate. Although I ask OD to use it, it didn't.
  Then Profile Manager expects a "code signing" certificate which is why all it saw was Open Directory's one.
  Francois

• Site SSL works on Chrome, Safari, and FF for Linux and OS-X, but not FF for Windows 7 (or any Android browser)

  I am setting up a website with SSL: https://coalitionportelgin.ca The SSL connection works (and intermediate certificates are retrieved) in Chrome on Linux, OS-X, and Windows 7; ChromeOS; Firefox (18.0) on OS-X and Linux; and Safari on OS-X, iOS, and Windows.
  However, I am still getting connection errors on Firefox 18.0 on Windows 7 and on all Android browsers, with "This Connection is Untrusted...because no issuer chain was provided."
  This diagnostic tool shows the certificate chain is being pulled, but still reports "Unable to get the local issuer of the certificate. The issuer of a locally looked up certificate could not be found."
  http://www.networking4all.com/en/support/tools/site+check/report/?fqdn=coalitionportelgin.ca&protocol=https
  Intermediate certificate is installed:
  $ ls /etc/ssl/certs |grep GandiStandardSSLCA.pem
  GandiStandardSSLCA.pem
  And it is being pointed to:
  $ grep -i -r "SSLCertificateChainFile" /etc/apache2/
  /etc/apache2/sites-available/000-coalitionportelgin.ca-ssl: SSLCertificateChainFile /etc/ssl/certs/GandiStandardSSLCA.pem
  /etc/apache2/sites-enabled/000-coalitionportelgin.ca-ssl: SSLCertificateChainFile /etc/ssl/certs/GandiStandardSSLCA.pem
  /etc/apache2/httpd.conf: SSLCertificateChainFile /etc/ssl/certs/GandiStandardSSLCA.pem
  For good measure, the intermediate and root certificates have also been appended to the server certificate.
  I have followed all steps indicated by the cert provider, as well as other sources, and have spent hours troubleshooting this. I don't see anything more to be done. Is this a problem of server configuration (and if so, what?) or is this a problem that I can't do anything about?

  Try to ask advice about web development at the MozillaZine "Web Development/Standards Evangelism" forum.
  *http://forums.mozillazine.org/viewforum.php?f=25
  The helpers at that forum are more knowledgeable about web development issues.<br>
  You need to register at the MozillaZine forum site in order to post at that forum.

• Root and Intermediate Certifcate

  I have a probleme with installing a Certificate into the ASA. I have followed the following link http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808b3cff.shtml but I keep getting a error bij installing the certificate that I received from my 3rd Party CA Vendor.
  I have followed the instructions 5 times and I still get the error ERROR: Failed to parse or verify imported certificate or Certificate does not contain general purpose public key. I think that reason why I am getting this error is because of my certificate needs a root and intermerdiate certificate.
  The certificate I want to install is Comodo PositiveSSL. So can anyone help me how I can solve this problem?

  I have checked the certiticate on my computer after I installed the root and intermediate certificate and certificate looks perfect.
  I get tehe errors after I installed the root or intermediate certificate. So the questionnis how can I install a root and intermediate ceritficate.
  The certificate is based on CSR.
  Sent from Cisco Technical Support iPad App
  heck if you can decode it with SSL before you jump to conclusions.
  Are you installing identity or SA/subCA certs? Is the cert based on a CSR or pre-genrated by CA?

• Godaddy SSL certificate installation problems - intermediate certificate not being recognized

  domain = mail.gottfried.org
  Installed both the certificate and the intermediate certificate from godaddy (used the 10.6 mac os x version)
  Response from:
  http://www.sslshopper.com/ssl-checker.html#hostname=mail.gottfried.org
  The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. You can fix this by following GoDaddy's Certificate Installation Instructions for your server platform. Pay attention to the parts about Intermediate certificates.
  When I check in 0000_any_443_.conf
  I see:
  SSLCertificateFile "/etc/certificates/mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE. cert.pem
  SSLCertificateKeyFile "/etc/certificates/mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE. key.pem
  SSLCertificateChainFile "/etc/certificates/mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE. chain.pem
  I am assuming that the intermediate certificate should be:
  mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE.chain.pem
  When I look at that certicate it is the same as
  mail.gottfried.org.1E5F3C903B64E78E3241929B16F616D1DDD130FE.cert.pem
  When I check keychain and exported both the mail.gottfried.org certificate and also the starfield secure certification authority they match what was installed initially (what I downloaded from Godaddy).
  It looks like in the install process the intermediate certificate is not being linked to the ssl certificate and that the ssl certificate is being used for the chain.
  Anyone have any suggestions?
  I have talked to both Godaddy and Apple Enterprise support. Godaddy has nothing past 10.6 instruction wise (though the support person really tried to help). The Apple rep couldnt really help and if I really want help from them I need to talk to integration where costs start at $700....
  Anyone have an SSL provider that worked properly with 10.8  or has really good support for mountain lion server?
  Please let me know.
  Thanks!

  While you still can, get a refund for the certificate, and get a certificate from somebody else, and preferably one that doesn't need an intermediate?  That'll be the easiest.
  If you're not doing ecommerce or otherwise dealing with web browsers and remote clients that you don't have some control over or affiliation with, you can use a private certificate and get equivalent (or arguably better) security.  Running your own certificate authority does mean you'll learn more about certificates, though.
  Here and here are general descriptions of getting certificates and intermediate certificates loaded, and some troubleshooting here and particularly here (TN2232).  I have found exiting Keychain Access to be a necessary step on various versions.  It shouldn't be, but...
  FWIW and depending on your particular DNS setup and whether you're serving multiple web sites, you'll need a multiple-domain certificate.
  Full disclosure: I've chased a few of these cases around for customers, and it can take an hour or three to sort out what the particular vendor of math, err, certificates has implemented, to confirm the particular certificate formats and possibly convert the certificates where necessary, and to generally to sort out the various posted directions and confusions.  (I'm not particularly fond of any of the major math, err, certificate vendors, either.)

• Invalid security certificate for my website host-they say the problem is Apple Safari and use Firefox instead

  For the past few days, I keep getting an invalid security certificate in Safari whenever I select Edit My Site from my website homepage (http://annaporterartist.com), or whenever I select anything requiring a secure log in from my website host main page (FASO.com). I have contacted technical support at my website host (fineartstudioonline.com) and they say that this has been an intermittently recurring problem in Safari for years and they recommend that I use Firefox instead. As proof of this they emailed a link to an Apple Support discussion, but it was for Mac OS X Lion v 10.7.4 and Safari 5.1, even though I told them I am using Mac OS X Mountain Lion v 10.8.2 and Safari 6.0.2. I do not get this error message anywhere else on the web using Safari. I did try Firefox and it seems to work fine, but I prefer Safari and I want to know why Safari is not working as it should be. I am concerned that there is a real security problem with my website host and I need someone to explain why I am getting this error message, what it means, and if it is, in fact, a known problem with Safari or is my website host corrupted? Really tired of technical support playing pass the buck or pretending the problem does not exist.
  The specific error message is:
  Their response to my inquiry and my reply is shown below:

  Back up all data.
  Launch the Keychain Access application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Keychain Access in the icon grid.
  From the menu bar, select
  Keychain Access ▹ Preferences ▹ Certificates
  There are three menus in the window. What is selected in each of them?

• I am getting an invalid certificate notice when going to one web site only, that formerly was not a problem. Happens with Safari and Google Chrome. Any ideas?

  I am getting an invalid certificate notice when going to only one web site, that previously was OK. Happens with both Safari and Google Chrome. Would emptying the system cache fix the problem?

  Well, it seems weird & it has no email listed, you might try contacting them to see...
    [email protected]

• Safari for Windows and Compromised Certificates

  I noticed that there are updates related to fraudulent certificates from DigiNotar.  One is for Lion and the other for Snow Leopard.  My question is, how does this affect Windows users running Safari, and is Apple going to come out with a fix?  I ask the latter because Apple did not patch older OSes like Leopard or Tiger. 

  The Windows version of Safari isn't affected. The Windows OS handles this issue.

• Safari and Sites with Untrusted certificates

  On my old iPhone 3GS i was able to connect to my work's wireless network by going into Safari and accepting the untrusted certificate that my company has on it's wireless log on page. But now with the iPhone 4, when it comes up with the request to confirm the certificate, Safari crashes and returns to the home screen, is this a know problem with sites like this?

  Similar for me. I try to access my work (Fed Govt) email via the web at an https address and mobile safari asks me to accept the certificate. I do, and it crashes. Worse yet, I called Apple to bring the issue to their attention, they went to 2nd or 3rd tier support and came back to me and said its "3rd party" contact them... VERY dissapointed! This same site loaded fine under iPhone OS 3x
  I even tried to export the cert from mac's keychain and installing it via the iPhone config utility. Even with the profile there, the phone does not recognize the website certificate and asks me to accept it... and it crashes yet again.

• Safari and Single Sign on Certificates

  Hi Experts,
  I use service.sap.com in Safari Browser (Lion 10.7.3) internet page & under the below given circumstances, I have a problem loading the page.
  Step 1: Install Firefox (any version) for Mac. Open the service.sap.com internet page and register for Single Sign on Option with the website. After the SSO certificate is added, you may close the firefox.
  Step 2: Open the Service.sap.com website in the safari browser. Browser automatically opens a popup to choose the certificate for single sign on. Choose Cancel in the Pop Up window. Now the page won't load. But if you do the same in the Firefox, the page loads properly. I have tried in Microsoft Windows with different browsers including Google Chrome, Firefox , Internet Explorer 8 and above - all these working correctly by loading the page without the certificate.
  I also could not register for Single Signon from a Safari Browser in Lion 10.7.3;
  Any expert advice is very helpful
  Thanks
  Kasee

  With a workaround, issue is solved.
  I installed Mozilla Firefox, than installed the respective certificate in firefox.
  Now when I open Safari and point to the website, system shows me the correct certificate.
  On choosing the certificate, problem is solved.

• Intermediate Certificates and Yosemite Server

  After several attempts at installing my server's certificate from StartSSL, which requires an intermediate certificate, I finally have everything working except opendirectory/LDAP.  The slapd service simply refuses to send the intermediate certificate along with the server certificate on SSL/636 connections.  It is supposed to send both.
  Anyone know what I need to do to kick slapd into serving all the proper certificates in the chain like the other services (Calendar, Web Server, etc) are doing?

  Been wrestling with this myself for months. Found this on serverfault:
  http://serverfault.com/questions/653419/how-can-one-force-open-directory-server- to-provide-its-full-certificate-chain-to
  Short Answer: slapd can't send the full chain.

• Third party add ons harassing safari and firefox

  third party add ons harassing safari and firefox both, tried turning off cookies add ons etc etc, removing all the files from library/script, add ons etc etc nothing works, when I press a link sometimes a blank page pops up with the top sites view and several commercials by the way, here's a screen http://tinypic.com/r/m7rsl0/8
  could someone please help!
  noah

  You installed the "DownLite" trojan, perhaps under a different name. Remove it as follows.
  Malware is constantly changing to get around the defenses against it. The instructions in this comment are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
  Back up all data.
  Triple-click anywhere in the line below on this page to select it:
  /Library/LaunchAgents/com.vsearch.agent.plist
  Right-click or control-click the line and select
            Services ▹ Reveal in Finder (or just Reveal)
  from the contextual menu.* A folder should open with an item named "VSearch" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
  Repeat with each of these lines:
  /Library/LaunchDaemons/com.vsearch.daemon.plist
  /Library/LaunchDaemons/com.vsearch.helper.plist
  /Library/LaunchDaemons/Jack.plist
  Restart the computer and empty the Trash. Then delete the following items in the same way:
  /Library/Application Support/VSearch
  /Library/PrivilegedHelperTools/Jack
  /System/Library/Frameworks/VSearch.framework
  Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
  From the Safari menu bar, select
            Safari ▹ Preferences... ▹ Extensions
  Uninstall any extensions you don't know you need, including any that have the word "Spigot" or "Conduit" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
  This trojan is distributed on illegal websites that traffic in pirated movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect much worse to happen in the future.
  You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that the DownLite developer has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. This failure of oversight is inexcusable and has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.
  *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination  command-C. In the Finder, select
            Go ▹ Go to Folder...
  from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.