When trying to login to a site protected by a client certificate login in Safari 12.1.1, it keeps prompting for the certificate to use from the keychain even though have provided it before. This use to work with the certificate but now is not providing the certificate to the site. When using Chrome on a mac, this works fine, but safari will not submit the certificate to the site. Do you know how to enable safari to allow this?
The certificate management with safari is a nightmare BUT :
you can use the "identity preferences" in keychain.
the principle is to link a personal x509 certificate with a web site (or a domain).
to create an identity preference : right click on your personal certificate in keychain and choose new identity preferences in menu.
enter domain in "where field" for example "www.yourcompany.com" or "*.yourcompany.com".
after that safari will present automatically your certificate when you tried to access the website protected by "client certificate requirement".
when your certificate will expire, you can delete the identity preference to recreate a new one or modify it to change the client certificate.
i use it since many years without problems.
the prompt window in safari create an identity preference in keychain with the exact url in the where field and if you change url the prompt window reappears when you restart safari.
Chrome implementation is more user friendly.
I think nobody from apple use the client certificate with safari ;-).
Have you tried deleting the certificate so a new one will be downloaded?
Try setting up another admin user account to see if the same problem continues. Please post back on whether or not this worked. Also try the Safe Mode. Please post back on whether or not this worked.
Isolating an issue by using another user account
Safe Mode - About
If it works in the Safe Mode, try running this program when booted normally and then copy and paste the output in a reply. The program was created by Etresoft, a frequent contributor. Please use copy and paste as screen shots can be hard to read. Click “Share Report” button in the toolbar, select “Copy to Clipboard” and then paste into a reply. This will show what is running on your computer. No personal information is shown. If the log won’t post, try posting it in Pastebin and provide a link in a reply Pastebin
Etrecheck – System Information
Are you running any anti-virus software? It may not help, but try running/posting the Etrecheck report.
Eric
Yes, I have removed the certificate / tried from multiple profiles as both admin / normal user and is working the same way with all the test cases. This was working a few months back so not sure what has changed in the updates to safari / MacOS that is causing the issue now with this login. When sniffing the traffic, I am not seeing Safari actually submit the cert just keeps asking for it. But, other browsers (Chrome) work fine with the same setup / site / machine / profile.
Nick
Yeah, this is a fresh system and seeing the same issue on a number of other Macs so don't think is a hw / software issue. Need to find out why Safari won't release / send the certificate that is chosen when prompted.
Nick
The report shows your hard drive might be failing. Make sure you have good backups.
I don't see any software that normally causes problems.
I am not running any AV. This is not working on any of the Macs I know of / have access to so has to be a common settings in Safari. Here is the Etre Check report.
Problem: No problem - just checking
Major Issues:
Anything that appears on this list needs immediate attention.
No Time Machine backup - Time Machine backup not found.
Failing hard drive - This machine has an older, mechanical hard disk that appears to be failing.
Minor Issues:
These issues do not need immediate attention but they may indicate future problems or opportunities for improvement.
Upgradeable RAM - This machine has upgradeable RAM that would help its performance.
Unsigned files - There are unsigned software files installed. They appear to be legitimate but should be reviewed.
Limited drive access - More information may be available with Full Drive Access.
Video Information:
GPU - VRAM: 128 MB
Display 1566 x 911
disk1s4 - VM [APFS VM] (Shared - 20 KB used)
APFS
Mount point: /private/var/vm
System Software:
macOS Mojave 10.14.5 (18F203)
Time since boot: About 8 hours
Notifications:
Notifications not available without Full Drive Access.
Security:
System Status
Gatekeeper: Enabled
System Integrity Protection: Enabled
Unsigned Files:
Launchd: /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist
Executable: /Library/PrivilegedHelperTools/com.microsoft.office.licensing.helper
Details: Exact match found in the whitelist - probably OK
Kernel Extensions:
/Library/Application Support/VMware Tools
vmhgfs.kext (10.1.6)
vmmemctl.kext (9.8.3)
/Library/Extensions
VMwareGfx.kext (10.1.6)
System Launch Agents:
[Not Loaded] 17 Apple tasks
[Loaded] 172 Apple tasks
[Running] 112 Apple tasks
System Launch Daemons:
[Not Loaded] 38 Apple tasks
[Loaded] 183 Apple tasks
[Running] 115 Apple tasks
Launch Agents:
[Loaded] com.microsoft.update.agent.plist (Microsoft Corporation - installed 2019-05-31)
[Running] com.vmware.launchd.vmware-tools-userd.plist (VMware, Inc. - installed 2017-03-17)
Launch Daemons:
[Loaded] com.apple.installer.osmessagetracing.plist (Apple - installed 2019-05-17)
[Loaded] com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2019-05-31)
[Loaded] com.microsoft.office.licensing.helper.plist (? 6d8cb30e - installed 2015-04-23)
[Loaded] com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2017-11-08)
[Running] com.vmware.launchd.tools.plist (VMware, Inc. - installed 2017-03-17)
User Launch Agents:
[Loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2019-06-02)
[Loaded] com.google.keystone.xpcservice.plist (Google, Inc. - installed 2019-06-02)
User Login Items:
iTunesHelper.app (Apple - installed 2019-06-04)
(Application - /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
Internet Plug-ins:
SharePointBrowserPlugin: 14.5.0 (? - installed 2017-12-10)
Time Machine:
Time Machine Not Configured!
2 local snapshots
Oldest local snapshot: 2019-06-04 17:12:55
Last local snapshot: 2019-06-05 08:41:57
Performance:
System Load: 3.61 (1 min ago) 4.84 (5 min ago) 3.30 (15 min ago)
Nominal I/O speed: 0.76 MB/s
File system: 121.07 seconds (timed out)
Write speed: 28 MB/s
Read speed: 33 MB/s
CPU Usage Snapshot:
Type Overall
System 34 %
User 29 %
Idle 36 %
Top Processes Snapshot by CPU:
Process (count) CPU (Source - Location)
Other processes 101.88 % (?)
trustd 14.10 % (Apple)
EtreCheck 9.83 % (App Store)
CoreServicesUIAgent 1.28 % (Apple)
App Store 0.23 % (Apple)
Top Processes Snapshot by Memory:
Process (count) RAM usage (Source - Location)
EtreCheck 443 MB (App Store)
Keychain Access 229 MB (Apple)
Google Chrome 194 MB (Google, Inc.)
App Store 147 MB (Apple)
FollowUpUI 85 MB (Apple)
Top Processes Snapshot by Network Use:
Process (count) Input / Output (Source - Location)
mDNSResponder 1 MB / 225 KB (Apple)
netbiosd 187 KB / 9 KB (Apple)
apsd 7 KB / 9 KB (Apple)
kernel_task 3 KB / 2 KB (Apple)
cdpd 0 B / 0 B (Apple)
Virtual Memory Information:
Physical RAM: 6.06 GB
Free RAM: 17 MB
Used RAM: 2.92 GB
Cached files: 3.13 GB
Available RAM: 3.14 GB
Swap Used: 0 B
Software Installs (past 30 days):
Install Date Name (Version)
2019-05-31 Microsoft AutoUpdate
2019-05-31 Microsoft Outlook
2019-05-31 XProtectPlistConfigData (2103)
2019-05-31 MRTConfigData (1.41)
2019-06-04 Microsoft Excel
2019-06-04 Microsoft OneNote
2019-06-04 Microsoft Word
2019-06-04 Microsoft PowerPoint
2019-06-04 Gatekeeper Configuration Data (167)
2019-06-05 EtreCheck (5.2)
Diagnostics Information (past 7 days):
Directory /Library/Logs/DiagnosticReports is not accessible.
Enable Full Drive Access to see more information.
End of report
X509 Login Keeps Prompting in Safari
