Skip navigation
This discussion is archived

Safari keeps changing a website to "secure"

1509 Views 15 Replies Latest reply: May 20, 2006 10:36 AM by Jpfresno RSS
1 2 Previous Next
Jane Evans Calculating status...
Currently Being Moderated
May 12, 2006 9:49 AM
Suddenly, Safari decided that "http://www.dartmouth.edu" should be "https://dartmouth.edu" As a result, I get the message: "Safari can’t open the page “https://www.dartmouth.edu/”. The error was: “client certificate rejected” (NSURLErrorDomain:-1205) Please choose Report Bug to Apple from the Safari menu, note the error number, and describe what you did before you saw this message."
This suddenly started occuring on my Intel iMac, but not on my G3 iBook. I have cleard the cache, and cannot think of whatelse to do, as it just changes to https immediately upon hitting the Enter key.
Any ideas?
Intel iMac 20". iBook G3, iMac G4, Mac OS X (10.4.6)
  • vmitchell Calculating status...
    Currently Being Moderated
    May 12, 2006 11:26 AM (in response to Jane Evans)
    Have you tried resetting Safari by selecting "Reset Safari" from the Safari menu (next to the Apple in the top left corner)

    <hr>

    - Vince
    Mac Mini 1.25Ghz/512Mb RAM/40Gb HD/Combo, Mac OS X (10.4.6), External MiniMate 80Gb HD & Memorex DVD Burner
  • MacLemon Calculating status...
    Currently Being Moderated
    May 12, 2006 12:37 PM (in response to Jane Evans)
    i have tried the Link you told us and don't experience the autoredirect to https on my PPC based PowerBook. (Safari on 10.4.6)

    You need a valid digital certificate to enter the encrypted (https) site as a security measure. I guess you can obtain one from Dartmouth to correctly authenticate yourself against the server.

    Have you tried resetting your Safari?
    MacLemon
    PowerBook G4, Mac OS X (10.4.5), PPC forever!
  • Barry Hemphill Level 7 Level 7 (33,215 points)
    Currently Being Moderated
    May 13, 2006 9:37 AM (in response to Jane Evans)
    Hello Jane:

    For what it is worth, I typed in both URLs on my G4 and G5 iMacs. They both (https as well) point to the same page. In other words, the web site ignores the https prefix.

    If you have not done so, clear the Safari cache. For "good luck" I would also trash the preference file (com.apple.safari.plist).

    Next would be the suggestion to reset Safari and, finally, to reinstall it.

    Barry

    Message was edited by: Barry Hemphill
    iMacs, 1gHz G4 & 1.8gHz G5; iBook 12" screen, Mac OS X (10.4.6), 512 MB & 1 GB memory, DSL, LaCie 160 GB HD, Canoscan 8400F
  • MacLemon Level 2 Level 2 (450 points)
    Currently Being Moderated
    May 14, 2006 4:07 AM (in response to Jane Evans)
    Don't get me wrong, but certificates etc. reside in your keychain, not in Safari. You could also easily backup them before resetting Safari. The same goes for your Bookmarks, Cookies, whatever. Noone said you should not do backups!

    It's still strange that the intel Mac redirects you automatically, no PPC machines seem to do this.

    Maybe try with another user on that intel Mac! That way you can see if it's Safari itself that has a problem or if it is some setting within your user.
    MacLemon
    PowerBook G4, Mac OS X (10.4.5), PPC forever!
  • iBod Level 7 Level 7 (29,340 points)
    Currently Being Moderated
    May 14, 2006 5:43 AM (in response to Jane Evans)
    Hi,

    Trashing the file Barry refers to will not affect your certificates, bookmarks, history or autofill settings.

    Try accessing the Dartmouth site from a different user account to see how it behaves there. This will help us to know whether your problem is local to your account or a system wide problem. If you don't have another account you can use System Preferences -> Accounts -> [+] to create a test one (and [-] to remove it if needed)

    Hobbes
    iMac G5 20" 2GB RAM, Soundsticks, Netgear 814, Aiport Extreme, Mac OS X (10.4.6)
  • Micah Johnson Calculating status...
    Currently Being Moderated
    May 16, 2006 3:33 PM (in response to Jane Evans)
    This happens on my MacBook Pro as well. I can open the page in Camino, but I get the -1205 error when I try to open it in Safari. I've noticed this problem for a while with sites at Dartmouth but only recently with the home page.

    I have a certificate from the Dartmouth Certificate Authority in my keychain and it doesn't help this problem.
  • Micah Johnson Level 1 Level 1 (15 points)
    Currently Being Moderated
    May 16, 2006 8:02 PM (in response to Jane Evans)
    I emailed webmaster@dartmouth.edu about this problem and here is the response. The solution of getting a valid Dartmouth certificate doesn't apply to non Dartmouth users, so I'm not sure what to do in that case.

    "You need to check your Keychain. The reason you are getting that error is because Safari is sending a Client Certificate back to the web server (which asked for it), but the web server can't verify that it's a good certificate. This usually happens when you have an expired certificate, or you have a non-Dartmouth certificate that Safari is likely sending because it can't find a Dartmouth one."

    "Whichever of these is the case, the solution is to get a valid Dartmouth certificate, which you can generate by going to https://collegeca.dartmouth.edu/ and following the directions on the web page. If you have an expired Dartmouth cert, you will need to delete that before you import your new, valid certificate."

    "The reason all of this is happening is specific to Intel Macs. The mechanism that Dartmouth has used, better than 7+ years, to authenticate browser users to web site (Kerberos) uses the SideCar helper application. This application doesn't run on Intel Macs, and it most likely never will. Fortunately, Dartmouth installed client certificates as an additional/alternate solution for web site authentication a few years ago. Since client certs work great on Intel Macs, we had to force Intel Macs to always use HTTPS when connecting to any site on www.dartmouth.edu. That way we can always be able to ask for your client cert, so that we don't break your ability to access protected sites that live on the www.dartmouth.edu server."





       
  • Micah Johnson Level 1 Level 1 (15 points)
    Currently Being Moderated
    May 18, 2006 10:48 AM (in response to Jane Evans)
    Yes, I had many emails back and forth with the webmaster and other people at Dartmouth yesterday. I'm a graduate student in computer science at Dartmouth, so perhaps that helped too. In any case, it should work now.

    If anyone is interested, the problem was that the web server was asking Safari on intel macs for a certificate, Safari was returning a certificate used by iChat AV for encrypted chats, and the web server was rejecting this certificate since it could not verify authenticity. It wasn't a misconfiguration of our browsers or security settings, it was just a situation that the webmaster thought was very unlikely when they decided to make the entire site secure.
1 2 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.