Currently Being ModeratedOct 24, 2012 2:21 AM (in response to canucksgirl01)
Yes - that seems to fix it. Thanks canucksgirl!
Currently Being ModeratedOct 24, 2012 2:43 AM (in response to canucksgirl01)
I have several machines.
Running this on one of them seemed to have worked, but the other is still getting the problem after verify and repair.
Currently Being ModeratedOct 24, 2012 9:00 AM (in response to canucksgirl01)
I tried your solution, found an error in Keychain that was repaired, but the problem continues.
It is also happening on my iPod, and only with Safari.
The problem started last night, and it happens on a majority of websites (including this discussion forum), where a popup warns me that the certificate for the site invalid while trying to connect to "s-static.ak.facebook.com" or other sites that I never use.
I tried deleting apple security preferences, cleaning up some certificates, removing cookies for facebook. Nothing helps. The fact that it is happening so broadly (many users based on current Safari discussions), on all sorts of devices makes me think it is some type of malware or security problem with Safari.
Currently Being ModeratedOct 24, 2012 12:24 PM (in response to canucksgirl01)
Actually, this doesn't fix it. I'm still having it appear in Safari.
Currently Being ModeratedOct 24, 2012 12:36 PM (in response to bruxxx)
bruxxx, S. G., and WildBill,
Can you give me more info about the certificate error? Is it the same "static.ak.facebook.com" cert?
Can you post a screenshot of the certificate message (expanded to include the details)?
Which OS X version are you still having the problem with? (important)
In the mean time, also double check your date & time settings. Certificates are set up to be 'valid' within a certain time frame (ie.: June 2004 - Dec 2015). If you accidentally set the date/time to an incorrect date/time, you can end up getting incessant errors for invalid or expired certificates (because Safari looks at your system date). I find keeping the checkbox for "set date and time automatically" selected helps avoid this annoying issue.
Currently Being ModeratedOct 24, 2012 12:46 PM (in response to canucksgirl01)
I'm on 10.8.2. Already checked date and time settings, which were as they should be.
Found a possible fix for this on quora.com:
I have removed only the com.apple.security.plist file although I also have the
com.apple.security.revocation.plist file that he mentions.
Too early to say if this fixes it. I'll post back.
Currently Being ModeratedOct 24, 2012 12:49 PM (in response to canucksgirl01)
My iPod is still acting up and gives the error "Cannot Verify Server Identity" for static.ak.facebook.com. The iPod is running OS5.1 and happens is only with Safari. I have no problem with time, and obviously, there is no keychain.
Quite a few sites trigger this certificate problem (NYTimes, Apple Discussions, Macrumours.com...). It is probably due to the ubiquitous "Like" button from Facebook. I have never used facebook however.
The sites that it tries to verify the identity of are either facebook, akamai, or others I cannot remember. They are not always "static.ak.facebook.com". If I say "Continue" rather than "Cancel", I am transferred to some gibberish site, not necessarily facebook related.
I will check my laptop tonight that still had problems (even after deleting security preferences). Firefox is unaffected. Other discussions seem to say that the problem eventually corrects itself, and that it is due to Facebook somehow implanting cookies on Safari even the latter is set to accept none.
Currently Being ModeratedOct 24, 2012 1:30 PM (in response to WildBill)
In Mountain Lion, there is a bit of a quirk (if I can use that term) with certificates. You were definitely on the right track with the link you provided, but here is some more information about it and how you can fix it on ML.
Let me know if it works for you... (it seems to be the fix for ML).
Currently Being ModeratedOct 24, 2012 2:02 PM (in response to canucksgirl01)
Thanks for sharing the fruits of your investigation with us all here! I went to the link provided and deleted the requisite files. I did not find any certificates in Keychain Access with a blue +, so I'll let you know if it was enough to delete the aforementioned .plist files and rebuild the two caches.
I wanted to give you a "This helped me" but that option wasn't open to me?
Currently Being ModeratedOct 24, 2012 2:04 PM (in response to S. G.)
Here is the LATEST UPDATE:
The Akamai Network (the hosting service for many websites like Apple, Microsoft, Facebook and Twitter) which uses the a248.e.akamai.net URL (in this case for Facebook), has FINALLY become aware of this issue and is pushing out the fix as I type...
For everyone who was able to go through the KeyChain First Aid process (described above in the start of this thread) has been able to correct the problem already. For everyone else, the "fix" may take some time to populate over ALL the websites that are affected (i.e. millions...) so, you may have to be patient. I don't have specific help available for all iOS devices, but the update from Akamai will correct this problem.
*** Just be aware that websites have different schedules for when they push out updates. Some do this once a day, but others can do this as infrequently as once a week (depends on the website you're having trouble with).
Currently Being ModeratedOct 24, 2012 2:08 PM (in response to canucksgirl01)
Thank you for this update. I was starting to worry about malware, as I have also noticed some strange blips of activity from Java asking me to approve an incoming connection and disappearing right away before I can click it - probably unrelated. It is scary to see how one company can mess up millions of websites.
Currently Being ModeratedOct 24, 2012 2:21 PM (in response to WildBill)
It would be nice to know if this worked for you.
Apparently my user Level is too low to post this as a User Tip, so I had to post this in the form of a discussion question, so the options for "This helped me" and "This solved my question" appear to me only... Unfortunately, posting this help topic won't improve my points or Level as a result, but I felt that posting this fix topic separately was better than continuing to post the answer in other threads (as the OP's aren't always selecting the appropriate button, and my posts are getting buried in all the pages). ~ I just wanted to get the word out (one way or another), as I know how annoying it is to be stuck with a problem and can't find the solution.
Currently Being ModeratedOct 24, 2012 2:25 PM (in response to canucksgirl01)
I'll definitely let you know.
That's too bad, you should get some well-earned points out of this. Your participation and your selfless desire to help others is what makes these forums special.
Currently Being ModeratedOct 24, 2012 2:58 PM (in response to canucksgirl01)
MORE INFORMATION ABOUT CERTIFICATES & THE POTENTIAL FOR MALWARE
I wanted to add this information, because I don't want people out there to get the false impression that certificate issues are always safe. In most cases they aren't about anything malicious, and "for the most part", we are safe...
BUT, there ARE new threats popping up all the time that CAN affect you; such as "Morphing Flashback Malware", which makes some certificates, and updates (like an Adobe Flash Player update) etc appear "safe", when they are anything but.
For those who would like to learn more about this potential threat, please read the following:
Apple Releases Update to Remove Flashback Trojan (affecting some 600,000+ Macs)
Bottom line is, threats out there exist.
** PLEASE, make sure you keep your OS and iOS devices up to date!
** Install Anti Virus Software for Macs. I recommend Sophos Anti-Virus for Macs, its free, its what I use, (and its found and destroyed a couple trojans on my Mac already)... but there are other programs out there that you can use. (Just do your research first!)