You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

FIX for: "Safari can't verify the identity of the website" - certificate not valid

If you are getting a message like this:


Safari can't verify the identity of the website "static.ak.facebook.com" (or ANY other address)


This certificate is not valid (host name mismatch)



There is an EASY FIX for this...


Go to:


/Applications/Utilities/KeyChain Access


Select "KeyChain First Aid" from "KeyChain Access" (menu choice)


Make sure the radio button for "Verify" is selected, and then click the "Start" button.


Once completed, it will tell you if any problems were found just above "Verification Completed".

(In my case "no problems found").


It is not necessary to perform a "repair" if no problems were found.


If problems were found, follow up the verification process with the "repair" process.


FYI: "KeyChain Access" stores info for Certificates. If a "mismatch" occurs, or a certificate is deamed "invalid" you get a warning. (This is part of your security). Performing "KeyChain First Aid" will verify ALL certificates and correct any "mismatching" by updating the certificate OR will tell you there was a problem (ie. a website using a fake certificate), in which case you need to follow through with "repair" and if necessary, not use the problematic website. BUT, in most cases, this message is NOT about anything malicious, its just part of the security settings that are trying to ensure ALL certificates associated to ANY website is correct, and since certificates expire and/or get updated, these conflicts can occur.

MacBook, Mac OS X (10.6.8), White, Model A1342

Posted on Oct 24, 2012 1:31 AM

Reply
Question marked as Top-ranking reply

Posted on Oct 24, 2012 2:04 PM

Here is the LATEST UPDATE:


The Akamai Network (the hosting service for many websites like Apple, Microsoft, Facebook and Twitter) which uses the a248.e.akamai.net URL (in this case for Facebook), has FINALLY become aware of this issue and is pushing out the fix as I type...


For everyone who was able to go through the KeyChain First Aid process (described above in the start of this thread) has been able to correct the problem already. For everyone else, the "fix" may take some time to populate over ALL the websites that are affected (i.e. millions...) so, you may have to be patient. I don't have specific help available for all iOS devices, but the update from Akamai will correct this problem.


*** Just be aware that websites have different schedules for when they push out updates. Some do this once a day, but others can do this as infrequently as once a week (depends on the website you're having trouble with).

112 replies

Oct 24, 2012 3:12 PM in response to mozm97

Yes. Akamai Network is the hosting service for companies like Apple, Microsoft, Facebook and Twitter; and is responsible for the certificate (in this case, used by Facebook). They have apparently fixed the certificate to stop the alert message we all saw, but this change may not appear for ALL websites right away. Basically all the websites have to get the update from Akamai Network and then push the update through their website. Not all websites update their servers on the same schedule (some do this every day, some do this less often). So, if you could not fix the problem with the suggestions, you will have to wait for the affected sites to catch up with the update. ~ I hope that made more sense, and answered your question.

Oct 24, 2012 3:50 PM in response to mozm97

mozm97,


As I mentioned, you should first check for updates for your OS and install anything that pertains to security (if not already done). Installing Anti Virus software is an added level of security (the Apple updates are generally pushed after threats are found, but AV software deals with them asap). Just configure the software to run on a schedule that doesn't interfere with you using your system (as all software eats up system resources when they are running). You can specify what and where the software checks. I like it for downloads as Sophos will tell me immediately if something is hidden in the file (you just have to ensure the software also stays up to date).


So should you install it? Well, that's entirely up to you, but if it means anything (or not), I installed it as soon as I bought my MB... and I use my Mac for work and at home.

Oct 24, 2012 5:37 PM in response to Micheal LeVine

Can you be a bit more specific? Where and on what are you getting messages about certificate problems?


I suspect that you mean you are using a different device? or using a different browser? or an app?


Any connection that your device makes to a website, to a mail server, or an app, etc, goes through a 'behind the scenes' check to verify that the certificate associated is valid. A certificate is issued with a unique serial number that must correspond to the information verified through the issuer. It contains information about how the certificate is used (i.e.: for secure connections, or a general verification for the identity of the website or app). These certificates are also only valid from the issue date to the expiry date. So if you accidentally changed your device's date, you could get a bunch of certificate errors (because they are checked against your system's date). A note about each certificate is also saved to your device. This is NOT unique to Safari, to Mac's or just to computers. This exists on all levels of connections, with all devices and with all platforms.


If the error you are getting is the same as what's reported here, it affected a lot of people because the error in the certificate was used on potentially millions of websites. Safari users noticed this because the security is set up to alert you to any "mismatched" information contained in a certificate. As everything gets updated, the problem will get resolved on its own (but can take some time).


If you still suspect malware, I posted more information about this in this thread, you can read about it here. For any further help, I'll need some clarification from you about the problem (and posting a screenshot of the certificate notice you get, expanded to show the details, will also help).

Oct 24, 2012 6:40 PM in response to canucksgirl01

I am only talking about one device, an iMac running OS 10.7.5 and Safari Version 6.0.1 (7536.26.14).


Today I came home to find approx. 8 little popup windows floating in front of my Safari window, that had been idle for almost 24 hours, but something had tried to access whatever web sites are authenticated by this akami.net URL.


It was not me, and my pets are locked in another room while nobody is home, and, furthermore, they cannot type or read...


If I got these popup notifications in response to clicks I made while using Safari, I might understand. Unless you think these notifications can come 18 hours after clicking on a web site...

Oct 24, 2012 8:39 PM in response to Micheal LeVine

Its hard to say exactly what prompted the certificate alerts when I don't know what you have installed, or how you have security configured. There are many applications that automatically check for updates etc that could prompt a message if their service was affected by this certificate (remembering that this includes Apple, Microsoft, Facebook and Twitter), and the connection doesn't have to be to any of those, they just have to have a 1st party certificate associated with the location being connected to. Obviously something tried to make a connection. Is it malware? Probably not. The part that you should feel more comfortable with is that the connection should not have continued as soon as the prompt showed up. So over the 18 or 24 hours your system sat idle, its possible that the particular program made repeated attempts to perform its update... I would go through your firewall settings (I'm assuming you have this through security), and specify what can access the internet (and blocking all else). On my Mac, I have the master password setup also to prevent ANY changes unless the password is provided... again, I assume you must have similar options in security. The other thing you may want to consider is not leaving your internet on while you are away.

Oct 24, 2012 10:44 PM in response to canucksgirl01

canucksgirl01 wrote:


Installing Anti Virus software is an added level of security (the Apple updates are generally pushed after threats are found, but AV software deals with them asap).

Actually, that has not been true recently. I suspect that Apple has finally been able to collaborate on gathering samples at the same level as the A-V software vendors as their updates are now equal to and in a couple of cases, better with regard to timeliness. Lets hope they can keep this up.


Some A-V software claim to be able to catch malware by monitoring unusual behavior, but I've only observed this personally once in the spring when Little Snitch caught a new variant of Flashback and it took two or three days before any signatures were provided and even longer for Apple to patch Java to prevent it.

Oct 24, 2012 10:48 PM in response to Micheal LeVine

Micheal LeVine wrote:


Today I came home to find approx. 8 little popup windows floating in front of my Safari window, that had been idle for almost 24 hours, but something had tried to access whatever web sites are authenticated by this akami.net URL.

Many web pages automatically update themselves periodically (Facebook being one of them) with no mouse clicks or page refreshing necessary on the users part. This will always happen as long as the computer is awake and the browser is running with that web site displayed.

Nov 24, 2012 8:41 PM in response to canucksgirl01

Hi,


I have been encountering these errors on my computer for the past few months and it is a beyond frustrating experience. Some nights my internet is a complete write off because I am unable to access sites I regularly visit. Not to mention my Mac seems very slow to load pages. Sometimes it isn't even able to load pictures on popluar sites (ex. Facebook). I wish this problem was at least isolated to my MacBook Pro however my iPad2 has recently caught the same "virus"/error messages with popular websites.


I have taken my Mac to a local Apple store and despite the Genius Bar being friendly, they were unfortunately of little help. They used their time emptying caches from what they had told me. After visiting the Genius Bar that day, I thought it had been repaired however a few hours later static.ak errors continued to suffocate any online access I had.


I have tried to go into my Keychain access but I am unable to find "Keychain First Aid."


I feel very trapped in a place where I am unable to find anyone who can fix this error (occurring in both my MacBook Pro and iPad).


Can you please explain how I am able to see Keychain First Aid in Keychain access? Also, is this problem also causing my Mac to be slow in loading websites? It seems this problem has become a lot worse from when I first noticed it.


Thanks so much for taking the time to help people in this message.

FIX for: "Safari can't verify the identity of the website" - certificate not valid

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.