Apple Event: May 7th at 7 am PT
Hello Folks. Igo to a news site, then a drop down: cannot verify certificate "static.ak.facebook.com" could put information at risk; connect anyway? --But It happens at several sites. I do not do facebook.
Any thoughts or information from anyone, I hope?
Oh this will be -- if it hits- they are saying only tropical storm force for here, for now. Alterations of its course change everything. It could swerve east and nobody feels anything. But i wait until it is not a storm any more before I think "all clear"
I forget but i want to say this would be like- combining TS and H's about 17. hahahahaha I am above the flood plain now, so, WAY less terror...
I maybe exagerated on the number... gloria...Oh not tonight. Next time I can try to count them. ahahahaha
Hi all.
Here is a small update. I have followed almost all suggestions with no luck - untill this morning. It was clear to me that the problem arises from the cookies Facebook stores in Safari. Removing the cookies individually from Preferences -> Privacy removed the problem untill next login to FaceBook which resulted in a new cookie beeing stored and the problem reappearing. The only suggestion I did not follow was to clear the History, which I finally did. This seems to have solved the problem immediately...
As others pointed out there seem to be more than one server that is beeing connected to. Mine was the s-static server.
For those of you who still have the problem try to clear the history in Safari.
canucksgirl01 wrote:
In case flashback malware is causing problems you can do a fairly simple check using terminal.
Flashback was declared "extinct" a few weeks ago by several A-V labs since the server has not been active for months. Anybody running OS X 10.6.8 or above is protected against it in any case. There is currently no reason to test for it.
I've been having this problem for several weeks now, and every few days or so do a new internet search to see if there's a solution. So far I've only found suggestions which seem to help in certain instances, but of all the articles and posts I've read, there doesn't seem to be a definitive cause and solution. I've read posts from a couple years back that report the same or a similar issue, the only difference is in the details of what URL or site is being displayed as having an invalid certificate. In this case we're talking about facebook so I'll stick with that for now. But here are some things I've noticed myself with this error and other observations from what I've read:
I've yet to see whether anyone has just tried to install the certificate. I can understand why not, but maybe that's all that needs to be done. The other solutions, such as resetting Safari, clearning cookies and what not, and re setting clock are reported to work by some, but there's never any follow up as to whether or not the solution stuck, or just lasted for a period of time.
I'm going t be brave and install the certificate. If it is Malware, then my security program should catch it. It just doens't make sense that it is though, because you would already have to be infected in the first place!. I think it's a bug in Safari combined with certain API's for facebook and perhaps other sites that use ad providers. All three other major browsers don't even flinch on the same sites, it iwould seem like at least one other one would throw some sort of warning.
Slip Jigs wrote:
As to what sites will produce the message, I can only surmise there is a facebook reference somewhere within, such as Like button or Ad.
My understanding is that the Facebook logo that appears on millions of pages so that you can Like the page is marked as requiring certificate authentication, when it should not have been. Supposedly this was fixed, but for whatever reason some users are still reporting the problem.
Many "solutions" offered involve malware, yet I've yet to read where any cleaner program isolated ad fixed a specific malware infection
No currently circulating malware is known to act in this manner.
Makes sense, but the why only Safari? This has happened with other website domains or sub-domains displayed in the error, such as Yahoo, Verizon and major banking sites.
I thought I had fixed everything with clicking continue but the problem came back with a vengeance, popping up with many sites besides the s-static.ak.facebook.com.
I eventually did quite a few things and my problem now appears solved.
- I deleted all certificates in Keychain that showed with a red x (not verified)
- I downloaded the latest combo OS 10.6.8 update (my current system) and reinstalled it.
- I reupdated Java and Silverlight
- I ran Onyx maintenance to remove all system and user and web caches, history, and to force spotlight reindexing
- With Onyx, I ran the maintenance scripts and repaired permissions
- I did a full antivirus scan with Sophos (nothing found)
- I waited overnight.
Like another user before, I am not sure what step actually solved the problem but everything seems finally OK.
Good luck.
I did this and the pop-ups keep happening so it must be somthing different. I checked the date and it's correct. I went to keychain and did the thing that was suggested but that, too, did not work and it's making me CRAZY. I usually don't get crazy about stuff like this but I'm not even on Facebook so the fact that it's affiliated is really annoying.
There's been no posts for a while but I'm still suffering with this issue - I've tried the Keychain first aid, deleting all certificates, checked my time/date settings and many of the other various suggested fixes without success.
I have found that explicitly trusting the certificates (Show Certificate->Always trust) does get rid of it but this isn't an ideal solution.
I'm fairly new to Macs but this looks to me like the certificate is being issued by localhost.localdomain which is why it is being flagged as untrusted.
I'm running 10.8.2 on a corporate network behind a proxy if that makes any difference.
Howdy. OK I wrote in the help bar of safari menu "show certificate" and then chose the identify certifcates/avoid frauds offering...
Identify secure websites and avoid frauds
When you use a website that handles private or financial information, make sure the website is encrypted.
When you go to an encrypted webpage—for instance, to do online banking—Safari checks the website’s certificate and compares it with certificates that are known to be legitimate. If Safari doesn’t recognize the website’s certificate, or if the website doesn’t have one, Safari displays a warning message.
Safari also checks lists of fraudulent websites that have been identified by security services. If you attempt to visit one of these websites, Safari displays a warning message.
If a Security button isn’t shown for a website, you may have been given a choice between a secure and an insecure connection when logging in to the site. Go back to the page where you logged in and check for a link to an encrypted (or secure) login. Even if you don’t plan to view private information, it’s best to use an encrypted login whenever possible to ensure that your login information and any other information you send are private.
Look for a message that says the certificate is not trusted, or was signed by an untrusted issuer. If you see a message like that, click Cancel, and do not go to the website.
Click the triangle next to the word “Details.” Check to make sure that the name and organization match those of the person or organization that owns the website. If anything looks unusual or is not what you expect, click Cancel, and do not go to the website.
If you continue to the website, double-check the address in the Safari toolbar to confirm that it is the correct address for the page you want to visit. The name of the website should be spelled correctly. Sometimes fraudulent websites masquerade as trusted websites by changing one or two letters of the trusted website’s address.
If you continue, the certificate is stored on your computer, and this warning isn’t displayed again for this website until you quit and restart Safari. If you like, you can change the trust settings for the certificate later, using Keychain Access.
If Safari warns you that a website is fraudulent, do not visit that site. If you think the warning message is in error, contact the administrator or owner of the website for information. Never provide secure or personal information at a website unless you are confident that it is secure.
Awesome, I have been bothered by this for months and just now decided to look into what was going on and voila, your suggestion about keychain first aid fixed this annoying problem. Thank you.
cannot verify certificate "static.ak.facebook.com"
