Invalid Certificate on every secured website

i have been having this same problem, in addition in always getting INVLAID URL in safari.

the invalid URL comes up with things like:

gmail.com

google.com

facebook.com

really???? why the heck dont those sties work in safari????

as for the certificate request - it is alway referencing facebook for some reason - i hardly use facebook, and it makes me wonder what is FB doing to see what browsing... but thats a different story.

is there a fix for either of these things???

ive taken it in to apple store twice, and of course it always works there.

here is the image....

KevinMSD, I noticed that one also. There are many sites that I visit that have nothing to do with Facebook, but I will got several messages popping up regarding the Facebook security certificate.

I scanned my system with Symantec Endpoint Protection just to make sure there is no trojan or virus activity. If so, the latest SEP and virus definitions can't find it.

You guys are getting the message about Facebook because many sites allow you to either use Facebook's authentication system to create an account on that site, or they've got social sharing features on the site which allow you to post stuff directly to your Facebook wall.

I noticed that my system wasn't trusting any certificates signed by Verisign. I downloaded this certificate from Verisign and imported it into Keychain Access, it solved the problem for me:

http://www.verisign.com/repository/roots/root-certificates/PCA-3G5.pem

[ from here: http://www.verisign.com/support/roots.html ]

With the latest updates, Safari is requesting the CRL (certificate revocation list) from the issuer of the certificate to validate the certificate. However, the request is made to without authentication and therefore the proxy rejects the request. The request is not reissued with credentials and the keychain process assumes the certificate is invalid because it cannot verity that the certificate is no on the revocation list. We have decided to add many of the certificate authorities to our list of sites that may be accessed via our proxy server without authentication and now Safari says that the certificates are valid. So far we have whitelisted verisign.com, thawte.com, godaddy.com, digigert.com and geotrust.com. For a US site, this seems to cover the majority of certificates we see.

Apple should fix this problem and use the credentials in the keychaing for the crl web requests.

Add me (and my colleagues) to the list.

Using a whitelist is a good idea but actually Apple should come up with a bugfix to solve this.

I have the same issue with Google certificate on Safari, Chrome and Mail. Firefox is the only one that works right probably because it doesn't use the system certificates.

Few weeks ago I had the same issue with Verisign certificates but it soved out by deleting the certificates from Keychain Access. I can't do the same with Google certificates because I can't find any Google certificate in Keychain.

Does anyone has a solution for this?

Thank you for your suggestion. I deleted the files crlcache.db and ocspache.db and I kept the window open. I just watched them reappear under private/var/db/crls/

Thank you quickSti! This finally solved the problem for me.

quickSti wrote:

I solved this on my wife's computer by resetting the security certificate settings. This might help others:

Close all windows.

Keychain Access -> click on System Roots on the left, and then click on Certifcates on the bottom left.

Check to see if any of the certificates on the right have the blue "+" symbol - this means they have custom trust settings.

There is a bug in changing the policies, so you'll have to change them via the method below. Changing them just by changing the access to "system defaults" doesn't seem to save. The method below worked for me.

Double-click on each certificate with the custom setting (blue "+"), expand the section labled "trust". Change the "Secure Sockets Layer (SSL)" setting to "no value specified". Close window - you should be prompted for the password. Double-click on the certificate again, expand trust, change the "When using this certificate" setting to "Use System Defaults". Close window, and re-enter password.

If you didn't re-enter your password upon closing the window, the setting didn't take. The blue "+" should disappear after a few seconds when it's set back to default. Once all of the certificates are changed back to default, restart Safari.

This solved all of the problems for my wife's computer with these issues and OSX 10.7.4

Just got around to trying this, worked perfectly - thank you!

Thank you, anton young! I just tried your tip. I merely made the change to the verisign certificate that showed the blue+ sign and now I can finally access my credit card sites. Most of the others in foreign languages I didn't mess with. I have printed out your instructions in case I need to change any other certificates. Thanks again--yours was the first suggestion that seemed to solve the problem easily.

check to see if the date and time is correct as that can flag issues with certifcates.

Date and time are correct--I can now access secure sites with Chrome and Safari, but not FF. that must be due to some security setting within the browser.

I see that I erred when giving thanks for the solution which solved the problem. My thanks go to quickSti! I was so excited to find a solution that I overlooked the name of the original poster. Thanks again-- this problem was driving me crazy.