-
All replies
-
Helpful answers
-
Mar 11, 2016 12:38 PM in response to risyasinby Mark McKean,OMG. Thank you thank you thank you. That is so simple, and phenomenally careless on Apple's part. What is their problem???
For the record, I will mention that this problem happens not only on El Capitan, but also on Yosemite with Safari 9. At the top of the "bad" Extensions Gallery page, I see this lovely message:
- Extensions in this gallery are compatible with Safari 9.0 or later on OS X El Capitan or Yosemite. Please upgrade to
OS X El Capitan which includes Safari 9.0, or update to OS X Yosemite 10.10.5 and install Safari 9.0 from the Mac App Store.
Well, I'm running 10.10.5 and Safari 9.0.3. Clearly, something is wrong in either Safari 9 or the safari-extensions.apple.com page that is preventing the page from correctly identifying the OS and browser. (This message also pops up if you visit the Extensions Gallery in a browser other than Safari 9 or on an OS other than Yosemite or El Capitan.) It's clearly not simply a problem with El Capitan's new security features.
Hopefully this extra info can help bring about a more permanent fix from Apple.
- Extensions in this gallery are compatible with Safari 9.0 or later on OS X El Capitan or Yosemite. Please upgrade to
-
-
Mar 24, 2016 7:06 AM in response to gr8scott67by Kim Pomares,Thank you for figuring this out. I am going to share this on the LastPass plugin support page as well. Tons of people wondering and I bet this will help more than a few of them as it did me.
-
Mar 29, 2016 2:57 AM in response to iBleedIn6Colorsby ccyanni,Thanks! This works for me!
- open Keychain Access
- select the category "Certificates"
- go through all certificates in all of your keychains and check if they are still valid
- there are some with that are revoked or invalid
- DELETE them
-
Mar 29, 2016 3:08 AM in response to iBleedIn6Colorsby vslavik,★HelpfulThank you (and @akawe) for putting me on the right track. This is it. It’s not an expired certificate that is wreaking havoc, but one whose issuer is no longer recognized and which is replaced with a newer one in the System Roots keychain. Somehow, it ended in the login keychain, probably because it was downloaded as part of cert chain for some website at some point in the past.
The fix is to delete the “VeriSign Class 3 Public Primary Certification Authority - G5” certificate from your login keychain to make Apple sites show the green EV certificate and the extensions gallery starts working.
-
-
Apr 24, 2016 8:26 AM in response to theAaronMby mick1e52n,Being on the other side of the Atlantic does not spare us from Apple's 'Forked-tongue' applications.
Fortunately this forum delivered, but not in quite the sequence that I've seen here.
For me it was a mix of two steps 1) Start in safe mode 2) Start Safari, select Safari > Preferences > Get extensions. Now manually edit 'Safari-' out of the URL address. I then noted that green coloured text 'apple inc' (as in AKAWE's reply: Dec 15) had replaced the deleted 'Safari-'.
I was now able to select the 'install now' text, which had now appeared.
The unique symptom that I oberserved here was that if I edited the URL in normal mode, it would immediately reset when I tried to enter. I needed the safe mode for the URL edit to work.
-
May 9, 2016 10:34 PM in response to vslavikby KKBradshaw,The: VeriSign Class 3 Public Primary Certification Authority - G5 deletion solved my problem of the vanished install button...
Thank you!
-
May 29, 2016 9:17 AM in response to KKBradshawby Bradley Dichter,My client with brand new iMac and El Capitan can't install ScamZapper extension. Works on my Mac and El Capitan. No expired certs. No verisign cert at all. Safari extensions page shows green lock and Apple Inc. before the URL. We added Adblock Plus as a test. ScamZapper is from an unidentified developer. Tried the tab and space bar shortcuts in the trust window. Still doesn't install. iCloud keychain was off, we turned it on, same thing. Tried putting the ScamZapper.safariextz in ~/Library/Safari/Extensions/ and it was ignored. So we've tried everything. Only thing we didn't do... the iMac came with 10.11.4 and we let the App Store Software Update install the delta update to 10.11.5. So we could try the combo updater. Shot in the dark, but I'm out of ideas. Anybody?
-
May 31, 2016 7:31 AM in response to Bradley Dichterby Bradley Dichter,Update: Combo update did not help. Safe Boot did allow the Safari extension to be loaded, and it stuck when rebooted normally. So something that loads optionally with the system blocked the installation.
-
-
Jun 29, 2016 7:02 PM in response to lorenzoruzby Bradley Dichter,Glad to help out. Wish I knew what is the actual cause, but the safe boot work-around was acceptable.
-
Jun 29, 2016 9:19 PM in response to vslavikby billcole,THANK YOU!!!
Note that this stale certificate may also be in the "System" keychain (NOT System Roots) and cause this problem.
The root cause of this is a screw-up by Verisign/Symantec a decade ago, creating “VeriSign Class 3 Public Primary Certification Authority - G5” as an intermediate certificate signed by a weaker (1024-bit) root certificate. They "fixed" that error by re-issuing “VeriSign Class 3 Public Primary Certification Authority - G5” as a self-signed root with the same common name, distinguished name, and public key. That way they didn't need to re-issue all their customers' certificates signed with the intermediate. However, the removal of the stale weak root that had signed the original intermediate version from System Roots in El Capitan left the intermediate version as rootless, and it is actually indeterminate whether the system will pick the new root or the old broken intermediate when verifying a signature chain because all of the supposedly unique identifiers are the same. In principle the intermediate (in the login or System keychain) should be used but in testing chain verification in Keychain Access on a machine with both certs I found that sometimes a downstream cert used one path and sometimes it used the other. No theory why...
-
Jun 30, 2016 5:37 AM in response to billcoleby Bradley Dichter,I will have to check into the certificates. I wouldn't think a safe boot would have any effect on the system handling them.
-
Jul 27, 2016 4:51 PM in response to vslavikby keith-o,Thank you. This fixed the issue for me on yosimite + safari 9.
