You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

FIX for: "Safari can't verify the identity of the website" - certificate not valid

If you are getting a message like this:


Safari can't verify the identity of the website "static.ak.facebook.com" (or ANY other address)


This certificate is not valid (host name mismatch)



There is an EASY FIX for this...


Go to:


/Applications/Utilities/KeyChain Access


Select "KeyChain First Aid" from "KeyChain Access" (menu choice)


Make sure the radio button for "Verify" is selected, and then click the "Start" button.


Once completed, it will tell you if any problems were found just above "Verification Completed".

(In my case "no problems found").


It is not necessary to perform a "repair" if no problems were found.


If problems were found, follow up the verification process with the "repair" process.


FYI: "KeyChain Access" stores info for Certificates. If a "mismatch" occurs, or a certificate is deamed "invalid" you get a warning. (This is part of your security). Performing "KeyChain First Aid" will verify ALL certificates and correct any "mismatching" by updating the certificate OR will tell you there was a problem (ie. a website using a fake certificate), in which case you need to follow through with "repair" and if necessary, not use the problematic website. BUT, in most cases, this message is NOT about anything malicious, its just part of the security settings that are trying to ensure ALL certificates associated to ANY website is correct, and since certificates expire and/or get updated, these conflicts can occur.

MacBook, Mac OS X (10.6.8), White, Model A1342

Posted on Oct 24, 2012 1:31 AM

Reply
Question marked as Top-ranking reply

Posted on Oct 24, 2012 2:04 PM

Here is the LATEST UPDATE:


The Akamai Network (the hosting service for many websites like Apple, Microsoft, Facebook and Twitter) which uses the a248.e.akamai.net URL (in this case for Facebook), has FINALLY become aware of this issue and is pushing out the fix as I type...


For everyone who was able to go through the KeyChain First Aid process (described above in the start of this thread) has been able to correct the problem already. For everyone else, the "fix" may take some time to populate over ALL the websites that are affected (i.e. millions...) so, you may have to be patient. I don't have specific help available for all iOS devices, but the update from Akamai will correct this problem.


*** Just be aware that websites have different schedules for when they push out updates. Some do this once a day, but others can do this as infrequently as once a week (depends on the website you're having trouble with).

112 replies

Nov 24, 2012 9:40 PM in response to MsVanessa

The First Aid process verifies ALL of your certificates. Like I mentioned in the other thread, when I ran this process, I also got the message "no problems found"; but that doesn't mean it didn't "verify" and update the certificate(s). After I ran the First Aid, I didn't have any more messages from any website, and I suspect that you won't either. So, revisit the websites that you were previously getting this message and see if its still occurring or if its been solved. :-)

Nov 24, 2012 11:00 PM in response to MsVanessa

There's nothing to worry about. Akamai is the host for Facebook and the Polyvore website uses the "Like" functionality, and therefore require the Facebook certificate. Safari is merely telling you that it "can't verify" the certificate because the name "Facebook" doesn't match up to the URL (which is to Polyvore). You can manage this under the "Show Certificate" options, under "Trust" and "When using this certificate", select the always trust option. (Doing this will stop you from getting incessant messages that it can't verify the Facebook Certificate).

Nov 24, 2012 11:33 PM in response to MsVanessa

MsVanessa wrote:


How come now when I go to Facebook the following appears?

I know that I have to use https://www.facebook.com and make a secure connection. If I type it as you did it gets automatically changed. IIRC, I had to opt-in to that at some point in the past but I thought I read something in the paper the other day that everybody would be required to use it.


It's definitely the way to go and I wish every web site would adopt such a policy.

Nov 24, 2012 11:36 PM in response to MsVanessa

That's a different problem. You should be able to solve it by clearing your DNS cache.


Applications > Utilities > Terminal


Find your OS version and copy (or type) the command into terminal and press Enter.


For Lion / Mountain Lion:


sudo killall -HUP mDNSResponder


For Leopard / Snow Leopard (10.5 and above):


dscacheutil -flushcache


For Leopard / Snow Leopard (10.4 and below) and for Tiger:


lookupd -flushcache


After that, close Terminal and check the FB website again.

Nov 24, 2012 11:56 PM in response to canucksgirl01

canucksgirl01 wrote:


Its not a "policy" change by Facebook

Sorry, but you are wrong about that. I just don't know whether it's been implemented yet or not.


Facebook moves all users to HTTPS for added security.


It's possible that DNS caching could be involved, as well, of course.


and I beleive your instructions should read:

For Tiger (10.4 and below):


lookupd -flushcache

Nov 25, 2012 12:17 AM in response to canucksgirl01

canucksgirl01 wrote:


Facebook moving to a secure connection doesn't create an invalid http connection. They would merely point the http connection to https.

You would certainly think so, but Facebook would have to have implemented it that way. When a number of users start suddenly having the same issue my troubleshooting self first asks "What's changed?"


DNS Caching has never been an issue for me, but I know that flushing has worked others, so I don't dismiss it as a solution the way some "helpers" here do.

Nov 25, 2012 7:31 AM in response to canucksgirl01

canucksgirl01:


When I go to Applications > Utilities > Terminal .. What am I typing in that white box that comes up when I double click on Terminal? Do I type: https//www.facebook.com ? How do I save this in the Terminal, because when I hit the red exit button I notice it doesn't save what I typed...


I have Safari Version 5.1.7 (6534.57.2)


Thanks so much!!

FIX for: "Safari can't verify the identity of the website" - certificate not valid

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.