JohnnyFJohnsson

Q: Safari 9 - I cannot install extensions

Hi,

 

since the update to Safari 9 and OSX 10.11 I cannot install extension from the extension gallery in Safari anymore. I click on an extension and the extension window opens but there is no button that says "install now" or anything like that. I have attached a screenshot showing the extension page. Is anyone else having the same problem?

 

Bildschirmfoto 2015-10-01 um 19.51.56.png

MacBook Pro (Retina, 15-inch, Late 2013), OS X Yosemite (10.10)

Posted on Oct 1, 2015 4:53 PM

Close

Q: Safari 9 - I cannot install extensions

  • All replies
  • Helpful answers

first Previous Page 5 of 6 last Next
  • by Mark McKean,

    Mark McKean Mark McKean Mar 11, 2016 12:38 PM in response to risyasin
    Level 1 (61 points)
    iTunes
    Mar 11, 2016 12:38 PM in response to risyasin

    OMG. Thank you thank you thank you. That is so simple, and phenomenally careless on Apple's part. What is their problem???

     

    For the record, I will mention that this problem happens not only on El Capitan, but also on Yosemite with Safari 9. At the top of the "bad" Extensions Gallery page, I see this lovely message:

     

    • Extensions in this gallery are compatible with Safari 9.0 or later on OS X El Capitan or Yosemite. Please upgrade to
      OS X El Capitan which includes Safari 9.0, or update to OS X Yosemite 10.10.5 and install Safari 9.0 from the Mac App Store.

     

    Well, I'm running 10.10.5 and Safari 9.0.3. Clearly, something is wrong in either Safari 9 or the safari-extensions.apple.com page that is preventing the page from correctly identifying the OS and browser. (This message also pops up if you visit the Extensions Gallery in a browser other than Safari 9 or on an OS other than Yosemite or El Capitan.) It's clearly not simply a problem with El Capitan's new security features.

     

    Hopefully this extra info can help bring about a more permanent fix from Apple.

  • by mdmazing,

    mdmazing mdmazing Mar 21, 2016 5:12 AM in response to gr8scott67
    Level 1 (0 points)
    Mar 21, 2016 5:12 AM in response to gr8scott67

    worked for me

     

    thx:)

  • by Kim Pomares,

    Kim Pomares Kim Pomares Mar 24, 2016 7:06 AM in response to gr8scott67
    Level 2 (235 points)
    Mar 24, 2016 7:06 AM in response to gr8scott67

    Thank you for figuring this out. I am going to share this on the LastPass plugin support page as well. Tons of people wondering and I bet this will help more than a few of them as it did me.

  • by ccyanni,

    ccyanni ccyanni Mar 29, 2016 2:57 AM in response to iBleedIn6Colors
    Level 1 (4 points)
    Mar 29, 2016 2:57 AM in response to iBleedIn6Colors

    Thanks! This works for me!

    - open Keychain Access

    - select the category "Certificates"

    - go through all certificates in all of your keychains and check if they are still valid

    - there are some with that are revoked or invalid

    - DELETE them

  • by vslavik,Helpful

    vslavik vslavik Mar 29, 2016 3:08 AM in response to iBleedIn6Colors
    Level 1 (9 points)
    Mar 29, 2016 3:08 AM in response to iBleedIn6Colors

    Thank you (and @akawe) for putting me on the right track. This is it. It’s not an expired certificate that is wreaking havoc, but one whose issuer is no longer recognized and which is replaced with a newer one in the System Roots keychain. Somehow, it ended in the login keychain, probably because it was downloaded as part of cert chain for some website at some point in the past.

     

    The fix is to delete the “VeriSign Class 3 Public Primary Certification Authority - G5” certificate from your login keychain to make Apple sites show the green EV certificate and the extensions gallery starts working.

  • by theAaronM,

    theAaronM theAaronM Mar 30, 2016 8:34 AM in response to vslavik
    Level 1 (5 points)
    Mar 30, 2016 8:34 AM in response to vslavik

    THANK YOU. That was it for me!

  • by mick1e52n,

    mick1e52n mick1e52n Apr 24, 2016 8:26 AM in response to theAaronM
    Level 1 (4 points)
    Apr 24, 2016 8:26 AM in response to theAaronM

    Being on the other side of the Atlantic does not spare us from Apple's 'Forked-tongue' applications.

     

    Fortunately this forum delivered, but not in quite the sequence that I've seen here.

     

    For me it was a mix of two steps 1) Start in safe mode  2) Start Safari, select Safari > Preferences > Get extensions. Now manually edit 'Safari-' out of the URL address. I then noted that green coloured text 'apple inc' (as in AKAWE's reply: Dec 15) had replaced the deleted 'Safari-'.

     

    I was now able to select the 'install now' text, which had now appeared.

     

    The unique symptom that I oberserved here was that if I edited the URL in normal mode, it would immediately reset when I tried to enter. I needed the safe mode for the URL edit to work.

  • by KKBradshaw,

    KKBradshaw KKBradshaw May 9, 2016 10:34 PM in response to vslavik
    Level 1 (4 points)
    May 9, 2016 10:34 PM in response to vslavik

    The: VeriSign Class 3 Public Primary Certification Authority - G5 deletion solved my problem of the vanished install button...


    Thank you!

  • by Bradley Dichter,

    Bradley Dichter Bradley Dichter May 29, 2016 9:17 AM in response to KKBradshaw
    Level 1 (48 points)
    Notebooks
    May 29, 2016 9:17 AM in response to KKBradshaw

    My client with brand new iMac and El Capitan can't install ScamZapper extension. Works on my Mac and El Capitan. No expired certs. No verisign cert at all. Safari extensions page shows green lock and Apple Inc. before the URL. We added Adblock Plus as a test. ScamZapper is from an unidentified developer. Tried the tab and space bar shortcuts in the trust window. Still doesn't install. iCloud keychain was off, we turned it on, same thing. Tried putting the ScamZapper.safariextz in ~/Library/Safari/Extensions/ and it was ignored. So we've tried everything. Only thing we didn't do... the iMac came with 10.11.4 and we let the App Store Software Update install the delta update to 10.11.5. So we could try the combo updater. Shot in the dark, but I'm out of ideas. Anybody?

  • by Bradley Dichter,

    Bradley Dichter Bradley Dichter May 31, 2016 7:31 AM in response to Bradley Dichter
    Level 1 (48 points)
    Notebooks
    May 31, 2016 7:31 AM in response to Bradley Dichter

    Update: Combo update did not help. Safe Boot did allow the Safari extension to be loaded, and it stuck when rebooted normally. So something that loads optionally with the system blocked the installation.

  • by lorenzoruz,

    lorenzoruz lorenzoruz Jun 29, 2016 4:58 PM in response to vslavik
    Level 1 (9 points)
    Jun 29, 2016 4:58 PM in response to vslavik

    yes! this really helped!

  • by Bradley Dichter,

    Bradley Dichter Bradley Dichter Jun 29, 2016 7:02 PM in response to lorenzoruz
    Level 1 (48 points)
    Notebooks
    Jun 29, 2016 7:02 PM in response to lorenzoruz

    Glad to help out. Wish I knew what is the actual cause, but the safe boot work-around was acceptable.

  • by billcole,

    billcole billcole Jun 29, 2016 9:19 PM in response to vslavik
    Level 1 (39 points)
    Jun 29, 2016 9:19 PM in response to vslavik

    THANK YOU!!!

     

    Note that this stale certificate may also be in the "System" keychain (NOT System Roots) and cause this problem.

     

    The root cause of this is a screw-up by Verisign/Symantec a decade ago, creating “VeriSign Class 3 Public Primary Certification Authority - G5” as an intermediate certificate signed by a weaker (1024-bit) root certificate. They "fixed" that error by re-issuing “VeriSign Class 3 Public Primary Certification Authority - G5” as a self-signed root with the same common name, distinguished name, and public key. That way they didn't need to re-issue all their customers' certificates signed with the intermediate. However, the removal of the stale weak root that had signed the original intermediate version from System Roots in El Capitan left the intermediate version as rootless, and it is actually indeterminate whether the system will pick the new root or the old broken intermediate when verifying a signature chain because all of the supposedly unique identifiers are the same. In principle the intermediate (in the login or System keychain) should be used but in testing chain verification in Keychain Access on a machine with both certs I found that sometimes a downstream cert used one path and sometimes it used the other. No theory why... 

  • by Bradley Dichter,

    Bradley Dichter Bradley Dichter Jun 30, 2016 5:37 AM in response to billcole
    Level 1 (48 points)
    Notebooks
    Jun 30, 2016 5:37 AM in response to billcole

    I will have to check into the certificates. I wouldn't think a safe boot would have any effect on the system handling them.

  • by keith-o,

    keith-o keith-o Jul 27, 2016 4:51 PM in response to vslavik
    Level 1 (4 points)
    Jul 27, 2016 4:51 PM in response to vslavik

    Thank you. This fixed the issue for me on yosimite + safari 9.

first Previous Page 5 of 6 last Next