Skip navigation

HT1679: Safari, Mac OS X 10.5.3: Changes in client certificate authentication

Learn about Safari, Mac OS X 10.5.3: Changes in client certificate authentication

HT1679 The WEBSITE required client certificate

1206 Views 3 Replies Latest reply: Sep 19, 2013 7:12 AM by MrHoffman RSS
shyam chiluka Level 1 Level 1 (0 points)
Currently Being Moderated
Sep 18, 2013 12:07 AM

I am unable to login to URL it is saying client certificate authentication required.

 

Please help me .

 

Also I receive my emails of our company but I cant send using company server to send emails .

 

Please help.

 

Thanks

 

Shyam

MacBook Air, iOS 6.1.4, recently purchased mac air
  • MrHoffman Level 6 Level 6 (11,720 points)
    Currently Being Moderated
    Sep 18, 2013 8:48 AM (in response to shyam chiluka)

    There are what appear to be three separate questions here.  About OS X client certificates, about iOS client certificates, and a request for assistance with Apple Mail SMTP access.  While Mail.app can use certificates, I'm going to guess that part of the question isn't related to certificates...

     

    For the first, I'll assume Safari 6 on a recent OS X release (eg: 10.7, 10.8), and that you're getting this sheet within Safari (dropdown triggered from a web site that needs client certificates):

     

    SafariClientCertX.png

     

    For the web access, Apple's documentation encourages you to please check with your IT folks, as it would appear that your organization uses personal certificate — a personally-identifying digital certificate, sometimes also called a client certificate — for web authentication.   This usually involves a sequence to acquire and load both the root certificate for the organization, as well as the personal or client certificate used to identify you personally.  Details here can and do vary by organization.

     

    This usually involves downloading and verifying the root certificate and the certificate fingerprint and then loading the organization's root certificate into Keychain (and usually) into the local keychain (you probably don't want to expose these certs to all local users), then following the organization's process for acquiring and signing a personal certificate — there are site-specific tools that perform this sequence within a number of organizations.  In general, you generate a certificate-signing request locally, then the organization signs it for you.  Alternatively, some organizations generate and download both the private and the public keys for you.  Your IT folks should (will?) know details of the specific local sequence.

     

    On the second question (iOS personal certificates), that's probably going to be a client certificate your IT organization provides to you, or possibly a local App or web site that helps you generate that certificate.  Again, the details vary by organization.  Check with your IT organization.

     

    If your IT organization doesn't know how to do this certificate creation and installation (for Safari on OS X and for Safari on iOS), then you're going to be reading and translating whatever instructions exist for the supported platform(s) into those necessary for OS X and iOS.  (I'll see if I can create and post a fairly generic set of documentation for OS X Server and OS X and iOS, but that'll not happen in your timeframe, and that'll inherently not include whatever organization-specific certificate details your IT organization will expect and need.)

     

    On to the third question...  And I would strongly encourage posting the mail issue as a separate and new question if the following doesn't answer this, as this question is very probably a set-up issue with the SMTP server configuration in your mail client and unrelated to how Safari on OS X and Safari on iOS deals with client certificates...

     

    To troubleshoot the SMTP settings issue in this thread (please: posting multiple questions together just confuses discussions, and definitely tends to confuse me as the threads inevitably get more complex and as more folks get involved), open Mail.app > Window > Connection Doctor in mail, and then Show Details and re-run the test.  Almost certainly, the username or password, the port, the SSL/TLS setting, or the server name is incorrect.  Connection Doctor might get you more details.  But all of these settings are specific to your organization, and specific to the SMTP send path.  The receive path — POP or IMAP — is apparently correct.  To get to the SMTP server send path in Mail.app, select the account in preferences and use the Edit Servers popup button.

  • Linc Davis Level 10 Level 10 (107,860 points)
    Currently Being Moderated
    Sep 18, 2013 7:02 PM (in response to shyam chiluka)

    Try another browser, such as Firefox.

  • MrHoffman Level 6 Level 6 (11,720 points)
    Currently Being Moderated
    Sep 19, 2013 7:12 AM (in response to Linc Davis)

    If you do decide to try Firefox, remember that Firefox has its own local certificate store for client certificates (sharing that same local storage with the far more commonly discussed SSL/TLS root certificates), where Safari stores its client and root certificates in Keychain.  Put another way, to get both browsers working with the client cert(s) apparently in use here, you'll have to load those certs into both places.

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.