Safari 3.1.1 SSL certificates problem

I have similar problem, after last update 10.5.3, Safari stop using my certificates installed into Keychain. Which I use to access my financial information.

As temporary solution I have exported sertificate as p12 file and import it into Firefox. But I still waiting for update, because want to use Safari as primary browser.

Message was edited by: mikashkin

I've had exact same problem with certificates on Safari after 10.5.3 install. Tried reinstalling certs, no change, tried keychain firstaid, no change, deleting safari plist file , nochange

So I thought I would totally reinstall Safari, downloaded from Apple, intaller says can't install because i need 10.5.2 or higher!!!, I'm running 10.5.3-- crazy.

Try disabling CRL checking in KeyChain (Preferencies -> Certificates -> CRL -> Off)

Christos

Christos,

before post my comment I've read some posts here. Looks like that is common way to evade that kind of problems. But this time it's not help.

And I do the same as Paul Penwell, except try to reinstall Safari.

Hope we are not alone and Apple engineers did something to fix in next update Safari or Mac OS. Now I use Firefox.

have same problem as above, have 2 new imac 20" updated unit A to 10.5.3 safari won't load
Unit B same update, safari works fine. tried to download safari 3.1.1 and same error as others have had
need 10.5.2 or greater. this is a major bug
APPLE ARE YOU LISTENING--give us help .
we shouldn't have to use the install disc apple should give us a solution

I've got the same problem. I tried following the procedure suggested by Apple at http://support.apple.com/kb/HT1679?locale=en_AU

This explains what is going on but the solution does not work for me. I tried to add New Identity Preference to my only client certificate, copy and pasting required URL but this made no difference.

I'm now stuck with only being able to access unsecured web sites. Instead of partial security under 10.5.2 I now have perfect security because I can use any secured sites. VERY frustrated.

Help?

Hi

that's the problem i identify (i hope i am clear) :
we have a https apache server with the option "SSLVerifyClient Optional" (single sign on service) set. In this case Safari don't present a certificate (first problem).
Why we use optional ? because clients can login with their password.
if we set SSLVerifyClient Require, Safari try to present a keychain certificate (and It create an identity preference for each url your want to access, second problem)

with SSLVerifyClient Optional, you can create an identity preference for your website and your certificate (ctrl click on a certificate in keychain app) but the url is unique (not all the website). at this moment safari present the certificate for this url.

our sso system don't use a unique url (session_id is in url), so we can't use identity preference to contournate.

i tried without success to use url like https://oursso.ourdomain.com/* with wildcard character, it don't works.

so the solution is :
Safari should use identity preferences pour all the urls of a same web site and Safari should implement correctly SSLVerifyClient Optional

for me this is a bug !

i submitted this to bugreport.apple.com last week without any response today.

in 10.5.2 the certificates management wasn't good, but we can use our sso system, not in 10.5.3.

Just wanted to say that I am having the same problems. Although I find that if I click in the address bar and then press enter I will be presented with the option to accept the certificate. This is annoying though. I guess I will try out Firefox 3.

Hi

it appears that the problem is solved by 10.5.4 version.
you can put partial url into a identity preferences see technote : http://support.apple.com/kb/HT1679.

JR