Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

FIX for: "Safari can't verify the identity of the website" - certificate not valid

If you are getting a message like this:

Safari can't verify the identity of the website "static.ak.facebook.com" (or ANY other address)

This certificate is not valid (host name mismatch)

There is an EASY FIX for this...

Go to:

/Applications/Utilities/KeyChain Access

Select "KeyChain First Aid" from "KeyChain Access" (menu choice)

Make sure the radio button for "Verify" is selected, and then click the "Start" button.

Once completed, it will tell you if any problems were found just above "Verification Completed".

(In my case "no problems found").

It is not necessary to perform a "repair" if no problems were found.

If problems were found, follow up the verification process with the "repair" process.

FYI: "KeyChain Access" stores info for Certificates. If a "mismatch" occurs, or a certificate is deamed "invalid" you get a warning. (This is part of your security). Performing "KeyChain First Aid" will verify ALL certificates and correct any "mismatching" by updating the certificate OR will tell you there was a problem (ie. a website using a fake certificate), in which case you need to follow through with "repair" and if necessary, not use the problematic website. BUT, in most cases, this message is NOT about anything malicious, its just part of the security settings that are trying to ensure ALL certificates associated to ANY website is correct, and since certificates expire and/or get updated, these conflicts can occur.

MacBook, Mac OS X (10.6.8), White, Model A1342

Posted on Oct 24, 2012 1:31 AM

Best reply

canucksgirl01 Author

Level 1

57 points

Posted on Oct 24, 2012 2:04 PM

Here is the LATEST UPDATE:

The Akamai Network (the hosting service for many websites like Apple, Microsoft, Facebook and Twitter) which uses the a248.e.akamai.net URL (in this case for Facebook), has FINALLY become aware of this issue and is pushing out the fix as I type...

For everyone who was able to go through the KeyChain First Aid process (described above in the start of this thread) has been able to correct the problem already. For everyone else, the "fix" may take some time to populate over ALL the websites that are affected (i.e. millions...) so, you may have to be patient. I don't have specific help available for all iOS devices, but the update from Akamai will correct this problem.

*** Just be aware that websites have different schedules for when they push out updates. Some do this once a day, but others can do this as infrequently as once a week (depends on the website you're having trouble with).

View in context

112 replies

Nov 25, 2012 7:40 AM in response to canucksgirl01

The version of my Macbook Pro is 10.6.8

MadMacs0

Level 5

5,221 points

Nov 25, 2012 10:18 AM in response to MsVanessa

MsVanessa wrote:

When I go to Applications > Utilities > Terminal .. What am I typing in that white box that comes up when I double click on Terminal? Do I type: https//www.facebook.com

Don't type anything. Copy and paste this line after the "$ " prompt:

dscacheutil -flushcache

then hit the return key.

How do I save this in the Terminal, because when I hit the red exit button I notice it doesn't save what I typed...

You don't need to save anything. When you see the "$ " prompt again choose quit from the Terminal Menu or type Command-Q. It's never a good idea to use the red button as that only closes the window and does not exit most applications.

Nov 25, 2012 12:45 PM in response to MsVanessa

Sorry MsVanessa, I thought you'd used Terminal before.

1. Copy this command:

dscacheutil -flushcache

2. Open Terminal (Applications > Utilites > Terminal)

3. Paste the command into Terminal (the application is ready after the "$") see image

4. Then close Terminal from the menu bar (at the very top of your screen), by clicking on Terminal in the menu and then selecting Quit Terminal.

(The command is telling your MacBook to empty the DNS (Domain Name Server) cache. By doing so, it should fix the problem you are having with access to Facebook. There is nothing to save).

Nov 26, 2012 3:48 PM in response to canucksgirl01

Hi again,

Thank you so so much for your wonderful help!

For some reason even though I checked off "trust this website" this message came up

How do I resolve this?

Nov 26, 2012 3:57 PM in response to MsVanessa

You're welcome MsVanessa. (Clicking the "This helped me" button(s) lets others know that my advice helped, and I think I earn member points that way too, but no big deal). :-)

Regarding that message, if you got it after clicking to checkout, then I would imagine there was an error with their server. I would contact Neiman Marcus and include the screenshot. It doesn't appear to browser related...

~ canucksgirl01

Nov 26, 2012 4:10 PM in response to canucksgirl01

Where can I click "This help me?"

Nov 26, 2012 4:13 PM in response to MsVanessa

sorry. nevermind... (You can't on this post).

MadMacs0

Level 5

5,221 points

Nov 26, 2012 7:52 PM in response to MsVanessa

MsVanessa wrote:

For some reason even though I checked off "trust this website" this message came up

...

How do I resolve this?

I can't help thinking that there is an underlying problem that we're missing here, but I don't have I'm about out of ideas.

Make sure you OS X 10.6.8 is fully up-to-date (nothing offered in Software Update).

Open Keychain Access again, select Preferences... from the Keychain Access menu (or type Command-, <that's a comma>), click on the "Certificates" tab and tell us what choices you have for OCSP, CRL and Priority.

Nov 27, 2012 8:29 AM in response to canucksgirl01

I have tried all the solutions in this thread and none of them solve the invalid certificate issue being discussed. One thing I have noted that no one else has mentioned (I think) is that the error only occurs on certain ISPs. When connected to Charter Broadband (Gainesville GA), the problem has never occured. However, using Frontier DSL (Franklin NC) the problem frequently occurs, on multiple devices, running multiple browsers. What would link ISP to this error? Any ideas?

Thanks, Mike.

Nov 30, 2012 6:34 AM in response to Motorbike Mike

I have the same problem, tried every solution I could find and I'm still running into Certificate errors... is Apple even looking at this. It's been quite a while since this appeared.

Nov 30, 2012 1:24 PM in response to Motorbike Mike

I can't see how the ISP has any affect Motorbike Mike, unless you are using different computers.

Nov 30, 2012 1:46 PM in response to mightymilk

@mightymilk,

I doubt that Apple is looking into this, because its not really an Apple problem. Safari is set up to alert the user to any instance where a problem may exist with the certificate associated to the site (and this is a good thing if a website is using a fake certificate). The problem that most of us were having was caused by the hosting service for Facebook and the fact that they changed the certificate and it caused the message to pop up for everyone. What many people got VERY confused by was the fact that they weren't using Facebook and some assumed there was a virus or something malicious going on. The reality however, is that a huge percentage of websites out there have some Facebook functionality (such as a "Like" button), and therefore have a certificate for their website, AND a certificate for Facebook.

So, if you are still getting certificate messages after running the Keychain First Aid, you need to check the details of the certificate(s) (by clicking on the "show certificate" button) to see if its something to trust or not to trust. You can search online to find your answer. Then under the certificate "Trust" section, choose the option from the drop down for "When using this certificate". By default its set to "use system defaults", but you can select an always/never trust option as required.

Beyond that, I don't know what to tell you. Safari will continue to alert you to a problematic certificate until you advise it on how to manage each problem.

Nov 30, 2012 1:53 PM in response to canucksgirl01

I understand exactly what's happening, the problem is that this issue is generating a false positive and after following every fix I could find I'm still experiencing the issue. So although its Certificates themselves that are causing the issue, it would behoove Apple to try and help resolve the issue, especially since it seems to only be affecting their browser.

Nov 30, 2012 2:02 PM in response to mightymilk

I understand your point. There could be more "user friendly" options to manage these sorts of things. :-)

That being said, did you click on the "show certificate" button and select the "always trust" option (if you believe its a false positive)?

Nov 30, 2012 2:13 PM in response to canucksgirl01

I'm weary to do that, since I'd be opening up my browser to malicious websites, but it's getting to the point that I'm avoiding websites that have any built-in Facebook functionality, which now a days is most sites. Still looking into it though, it's actually not affecting me right now... seems to come and go.

FIX for: "Safari can't verify the identity of the website" - certificate not valid