FIX for: "Safari can't verify the identity of the website" - certificate not valid

If you are getting a message like this:


Safari can't verify the identity of the website "static.ak.facebook.com" (or ANY other address)


This certificate is not valid (host name mismatch)



There is an EASY FIX for this...


Go to:


/Applications/Utilities/KeyChain Access


Select "KeyChain First Aid" from "KeyChain Access" (menu choice)


Make sure the radio button for "Verify" is selected, and then click the "Start" button.


Once completed, it will tell you if any problems were found just above "Verification Completed".

(In my case "no problems found").


It is not necessary to perform a "repair" if no problems were found.


If problems were found, follow up the verification process with the "repair" process.


FYI: "KeyChain Access" stores info for Certificates. If a "mismatch" occurs, or a certificate is deemed "invalid", you get a warning. (This is part of your security). Performing "KeyChain First Aid" will verify ALL certificates and correct any "mismatching" by updating the certificate OR will tell you there was a problem (i.e. a website using a fake certificate), in which case you need to follow through with "repair" and if necessary, not use the problematic website. BUT, in most cases, this message is NOT about anything malicious, it's just part of the security settings that are trying to ensure ALL certificates associated with ANY website are correct, and since certificates expire and/or get updated, these conflicts can occur.

MacBook, Mac OS X (10.6.8), White, Model A1342

Posted on Oct 24, 2012 1:31 AM

112 replies
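
For reference, this is the comparison a TLS client makes before it reports "host name mismatch": the host it connected to is checked against the DNS names listed in the certificate it was sent. The Python below is an added example, not part of the original thread; the function names are illustrative and the certificate name lists are constructed sample data.

```python
# Added example: the host-name check a TLS client applies to a certificate's
# DNS names (RFC 6125 rules). All certificate name lists are constructed.

def hostname_matches(pattern, hostname):
    """Return True if one certificate DNS name covers the requested host."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False              # a wildcard never spans several labels
    if any("*" in label for label in p[1:]):
        return False              # wildcard allowed only in the left-most label
    if p[0] == "*":
        # "*.com"-style names are refused; "*" stands for exactly one label
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h                 # partial wildcards ("f*") fall through as literals


def check_certificate(hostname, dns_names):
    """Return (ok, matching_name) for the requested host."""
    for name in dns_names:
        if hostname_matches(name, hostname):
            return True, name
    return False, None


REQUESTED = "static.ak.facebook.com"   # host named in the warning quoted above

CASES = {                              # constructed certificate name lists
    "exact name listed": ["www.facebook.com", "static.ak.facebook.com"],
    "wildcard one level too high": ["*.facebook.com", "facebook.com"],
    "wildcard at the right level": ["*.ak.facebook.com"],
    "certificate issued for another site": ["*.example-cdn.test"],
}


def report(hostname=REQUESTED):
    """Map each sample certificate to True (valid for host) or False (mismatch)."""
    return {label: check_certificate(hostname, names)[0]
            for label, names in CASES.items()}


if __name__ == "__main__":
    for label, ok in report().items():
        print(f"{label:38} {'ok' if ok else 'host name mismatch'}")
```

The second case is the one that most often surprises: `*.facebook.com` covers `www.facebook.com` but not a name two labels deep.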

Nov 24, 2012 9:40 PM in response to MsVanessa

The First Aid process verifies ALL of your certificates. Like I mentioned in the other thread, when I ran this process, I also got the message "no problems found"; but that doesn't mean it didn't "verify" and update the certificate(s). After I ran the First Aid, I didn't have any more messages from any website, and I suspect that you won't either. So, revisit the websites that you were previously getting this message and see if it's still occurring or if it's been solved. :-)

Nov 24, 2012 11:00 PM in response to MsVanessa

There's nothing to worry about. Akamai is the host for Facebook and the Polyvore website uses the "Like" functionality, and therefore requires the Facebook certificate. Safari is merely telling you that it "can't verify" the certificate because the name "Facebook" doesn't match up to the URL (which is to Polyvore). You can manage this under the "Show Certificate" options, under "Trust" and "When using this certificate", select the always trust option. (Doing this will stop you from getting incessant messages that it can't verify the Facebook Certificate).

Nov 24, 2012 11:33 PM in response to MsVanessa

MsVanessa wrote:


How come now when I go to Facebook the following appears?

I know that I have to use https://www.facebook.com and make a secure connection. If I type it as you did it gets automatically changed. IIRC, I had to opt-in to that at some point in the past but I thought I read something in the paper the other day that everybody would be required to use it.


It's definitely the way to go and I wish every web site would adopt such a policy.

Nov 24, 2012 11:36 PM in response to MsVanessa

That's a different problem. You should be able to solve it by clearing your DNS cache.


Applications > Utilities > Terminal


Find your OS version and copy (or type) the command into terminal and press Enter.


For Lion / Mountain Lion:


sudo killall -HUP mDNSResponder


For Leopard / Snow Leopard (10.5 and above):


dscacheutil -flushcache


For Leopard / Snow Leopard (10.4 and below) and for Tiger:


lookupd -flushcache


After that, close Terminal and check the FB website again.

Nov 24, 2012 11:56 PM in response to canucksgirl01

canucksgirl01 wrote:


It's not a "policy" change by Facebook

Sorry, but you are wrong about that. I just don't know whether it's been implemented yet or not.


Facebook moves all users to HTTPS for added security.


It's possible that DNS caching could be involved, as well, of course.


And I believe your instructions should read:

For Tiger (10.4 and below):


lookupd -flushcache

Nov 25, 2012 12:17 AM in response to canucksgirl01

canucksgirl01 wrote:


Facebook moving to a secure connection doesn't create an invalid http connection. They would merely point the http connection to https.

You would certainly think so, but Facebook would have to have implemented it that way. When a number of users start suddenly having the same issue my troubleshooting self first asks "What's changed?"


DNS Caching has never been an issue for me, but I know that flushing has worked for others, so I don't dismiss it as a solution the way some "helpers" here do.

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.
