This discussion is locked
Close
Q: Cannot access HTTPS urls; Safari hangs blank, crashes
Page
1
Next
-
Nov 30, 2006 6:58 PMby themask,HelpfulSteve,
you tried most everything I would have suggested. There is only one thing I read in other posts that you don't mention: X.509 certificates in Keychain.
Take a look at these posts and see if they can help. Long shot, I know...
Hope this helps! -
Dec 2, 2006 11:16 AMby SPD,I'm having the same issue. Originally I thought it may be due to the installation of a Cisco vpn client, which I happened to install on Thursday.
Like you, I tried all the tricks too. Still no luck at all. ITS has not been much help at my school.
I think we're going to have to wait this one out until Apple solves the problem.
Since Gecko browsers (Firefox and Camino) work, but WebKit versions do not (Safari, OmniWeb, or Shiira), I'm assuming it has something to do with the recent security update and WebKit browsers. -
Dec 2, 2006 11:37 AMby SPD,Thanks for suggesting Pacifist. I used it to check the WebKit framework and got this message:
The following files’ checksums did not match those specified in the package. The files may simply have been updated to a later version, or they may have been tampered with.
Changed Files:
/System/Library/Frameworks/WebKit.framework/Versions/A/WebKit
Since this seems to be, for me, a WebKit issue, is there any way to install another version of the WebKit framework? Or will this only mess up things more?
Thanks.
MacBook 1.83; iMac G5 17; PB G4/400; iMac G4 700 Mac OS X (10.4.8) -
Dec 2, 2006 4:05 PMby Steve BC,First, I want to thank all of you for posting here. I really appreciate it.
To themask: I would never have thought of it being a problem with the X509 stuff. I know the Mac environment pretty well, but I have never seen any information that truly sets out what certificates and anchors are, how they function, and (most particularly) what to do to verify a certificate that Safari is not finding acceptable. However, the posts you pointed me to were informative enough that I tried various things to get the X509 files to reset or be replaced to the proper ones. Unfortunately, the stuff I did was not successful and things got even flakier. I did verify to my satisfaction that the problem at least began as a problem with one or more root certificates. Among the things I tried were reapplying the 10.4.8 Combo updater and getting replacement X509 files from another computer that was working properly, but it just wasn't any use in fixing the issue.
So I reformatted the disk and reinstalled everything. Nuking the disk may seem like overkill here, but a possible contributor to this problem is the fact that I had to replace my hard drive about a month ago and was not confident that the tech who replaced the drive reinstalled the OS fully and properly. It felt to me that the original X509 problem was cascading into other problems, until I just felt that reformatting was the only way to be sure I got all the bugs.
As far as I can tell so far, everything is back up and running normally.
Again, thanks to each of you for participating in this thread and helping me out. I consider the issue closed.
Steve
15 AlBookG4-1.25GHz Mdl-A1046 Mac OS X (10.4.8)
15 AlBookG4-1.25GHz Mdl-A1046 Mac OS X (10.4.2)
15 AlBookG4-1.25GHz Mdl-A1046 Mac OS X (10.4.8) -
Dec 3, 2006 5:17 PMby V3G4,I'm having problems too with HTTPS. I had to use Firefox as well to post here. I tried most of the stuff listed in posts here with not much result. Safari got a little faster but still no luck on HTTPS log-ins. One thing I did do was:
- Log in into my ROOT account and try using Safari to do secure web log-ins.
Everything worked in that account. So it seems whatever happened, happened in my secondary / everyday account. I thought it might have been the recent security update that did it. But if that was the case, it would effect root as well. I thought PithHelmet might have done something as well, but turning everything off, accepting all cookies and no blocking still doesn't solve the issue.
If someone figures something out, please keep posting here. I would much rather be using Safari than Firefox. But right now I can't...
1.67 G4 Pbook , 500 G4 Pbook,Dual 2.7 G5 Tower Mac OS X (10.4.8) Also Dell P4 for Gigasampler
1.67 G4 Pbook , 500 G4 Pbook,Dual 2.7 G5 Tower Mac OS X (10.4.7) Also Dell P4 for Gigasampler -
Dec 3, 2006 6:44 PMby SPD,Sorry I can't answer your question here; I noticed the same thing with a couple sites. Problem is, it takes forever for those https that are accessible to load. Usually I don't have the patience and assume they don't work.
I don't know enough about java either to venture any guesses. The only constant seems to be WebKit and the recent security update. Ergo... -
Dec 3, 2006 8:19 PMby snowflake,HelpfulI experienced not being able to access HTTPS - Secure Sites this my Solution:
Go to Applications > Utilities: Open Keychain Access
Keychain Access > Preferences: 'Certificates'
Check - 'Online Certificate Status Protocol' (OCSP): OFF
'Certificate Revocation List' (CRL): OFF
Priority: OCSP (this will be greyed out)
Also check in Keychain Access the keychain 'X509Anchors' for any Certificates with a Red Cross beside them ...... highlight these and delete them (they are invalid).
Then Open Safari and access a Secure HTTPS Site.
Chers,
Ronni
1.67GHz G4 PowerBook 1.5GB DDR2 SDRAM 120GB HD Mac OS X (10.4.8) -
Dec 3, 2006 10:16 PMby V3G4,Go to Applications > Utilities: Open Keychain Access
Keychain Access > Preferences: 'Certificates'
Check - 'Online Certificate Status Protocol' (OCSP): OFF
'Certificate Revocation List' (CRL): OFF
Priority: OCSP (this will be greyed out)
Also check in Keychain Access the keychain 'X509Anchors' for any Certificates with a Red Cross beside them ...... highlight these and delete them (they are invalid).
Then Open Safari and access a Secure HTTPS Site.
This worked for me. Of course now I don't have certificates. Which I do kinda need for banking stuff and high security sites.
APPLE, YOU NEED TO FIX THIS!!!!
1.67 G4 Pbook , 500 G4 Pbook,Dual 2.7 G5 Tower Mac OS X (10.4.7) Also Dell P4 for Gigasampler
1.67 G4 Pbook , 500 G4 Pbook,Dual 2.7 G5 Tower Mac OS X (10.4.7) Also Dell P4 for Gigasampler -
Dec 4, 2006 12:00 AMby SPD,I experienced not being able to access HTTPS - Secure
Sites this my Solution:
Go to Applications > Utilities: Open Keychain
Access
Keychain Access > Preferences: 'Certificates'
Check - 'Online Certificate Status Protocol' (OCSP):
OFF
'Certificate Revocation List'
(CRL): OFF
Priority: OCSP (this will be greyed out)
Also check in Keychain Access the keychain
'X509Anchors' for any Certificates with a Red Cross
beside them ...... highlight these and delete them
(they are invalid).
Then Open Safari and access a Secure HTTPS Site.
Chers,
Ronni
Genius! How did you figure this out? I've been working on this problem for days. Thanks so much!
MacBook 1.83; iMac G5 17; PB G4/400; iMac G4 700 Mac OS X (10.4.8) -
Dec 4, 2006 8:05 AMby Petterf,Wow I'm not alone on this one.
My problems began, I believe, after running the Security Update 2006-007 (10.4.8 Client PPC).
Maill.app hanged or timed out after 1 minute every time I accessed my accounts which is done over SSL and when trying to access HTTPS sites Safari hangs as well. So I understood there is something with the secure connections or certificates but I never tested to turn them off.
Thanks for the help!
Now when I can access radar.apple.com I'll file a bug report on this. -
Dec 4, 2006 8:21 AMby Steve BC,From Ronnie the Snowflake (nice name! ):
"I experienced not being able to access HTTPS - Secure Sites this my Solution:
Go to Applications > Utilities: Open Keychain Access
Keychain Access > Preferences: 'Certificates'
Check - 'Online Certificate Status Protocol' (OCSP): OFF
'Certificate Revocation List' (CRL): OFF
Priority: OCSP (this will be greyed out)
Also check in Keychain Access the keychain 'X509Anchors' for any Certificates with a Red Cross beside them ...... highlight these and delete them (they are invalid).
Then Open Safari and access a Secure HTTPS Site."
I thought about doing something like this, but I simply don't know enough about protocols and certificates to understand what I would be doing. It seems to me that, in turning OFF these protocols, you are turning off the system's ability to verify certificates and therefore are eliminating the system's ability to authenticate your certificates, in which case your system is no longer able to recognize when a certificate has expired or for good reason becomes invalid or otherwise should not be trusted. It seems to me that this would degrade your SSL and other security protocols over time. I really have no clue on this but rather am making an assumption.
Perhaps someone can post a URI for an article that clearly explains anchors, certificates, protocols, and so on, in a coherent way, so I would have a better idea how to handle this kind of problem in the future.
Also, I might add that my problems with root certificates, etc., began shortly after I deleted a red-crossed root certificate for the first time in my entire life. I have no idea whether the issue I ended up having was related to that, although it would seem not, on theoretical grounds, yet (magical thinking) once-bitten, you know...
Further note that I did not apply Security Update 2006-007 until after I began having this problem, so the problem does not appear to have anything to do with that update.
Steve -
Dec 4, 2006 11:23 AMby Anders Holm,Hi all,
I've experienced this problem for a few days. For me it's started with the last sec update.
It appears to be tied to server certs issued by "VeriSign Class 3 Public Primary Certification Authority - G3", at least I have two different banking sites using certs from Verisign that are very slooow. Safari also considers these server certs as invalid, Safari claims that the issuer is, i.e. Verisign, is not approved (similar wording).
I've also tried a number of tricks (cache-cleaning etc) and looked in the X509 anchor list.
And naturally, Firefox does NOT have any problems.
I do believe that this is an Apple problem.
I also would appreciate tips and solutions.
/Anders Holm, Sweden
MacBook Pro Mac OS X (10.4.8)
