You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: canucksgirl01
canucksgirl01 Author
User level: Level 1
57 points

FIX for: "Safari can't verify the identity of the website" - certificate not valid

If you are getting a message like this:


Safari can't verify the identity of the website "static.ak.facebook.com" (or ANY other address)


This certificate is not valid (host name mismatch)



There is an EASY FIX for this...


Go to:


/Applications/Utilities/KeyChain Access


Select "KeyChain First Aid" from "KeyChain Access" (menu choice)


Make sure the radio button for "Verify" is selected, and then click the "Start" button.


Once completed, it will tell you if any problems were found just above "Verification Completed".

(In my case "no problems found").


It is not necessary to perform a "repair" if no problems were found.


If problems were found, follow up the verification process with the "repair" process.


FYI: "KeyChain Access" stores info for Certificates. If a "mismatch" occurs, or a certificate is deamed "invalid" you get a warning. (This is part of your security). Performing "KeyChain First Aid" will verify ALL certificates and correct any "mismatching" by updating the certificate OR will tell you there was a problem (ie. a website using a fake certificate), in which case you need to follow through with "repair" and if necessary, not use the problematic website. BUT, in most cases, this message is NOT about anything malicious, its just part of the security settings that are trying to ensure ALL certificates associated to ANY website is correct, and since certificates expire and/or get updated, these conflicts can occur.

MacBook, Mac OS X (10.6.8), White, Model A1342

Posted on Oct 24, 2012 1:31 AM

Reply
Question marked as Top-ranking reply
User profile for user: canucksgirl01
canucksgirl01 Author
User level: Level 1
57 points

Posted on Oct 24, 2012 2:04 PM

Here is the LATEST UPDATE:


The Akamai Network (the hosting service for many websites like Apple, Microsoft, Facebook and Twitter) which uses the a248.e.akamai.net URL (in this case for Facebook), has FINALLY become aware of this issue and is pushing out the fix as I type...


For everyone who was able to go through the KeyChain First Aid process (described above in the start of this thread) has been able to correct the problem already. For everyone else, the "fix" may take some time to populate over ALL the websites that are affected (i.e. millions...) so, you may have to be patient. I don't have specific help available for all iOS devices, but the update from Akamai will correct this problem.


*** Just be aware that websites have different schedules for when they push out updates. Some do this once a day, but others can do this as infrequently as once a week (depends on the website you're having trouble with).

View in context
112 replies
User profile for user: dagivarb
dagivarb
User level: Level 1
0 points

Sep 4, 2013 10:26 AM in response to canucksgirl01

Dear all,


Just in case you have tried all the solutions above: Check your date & time settings.


I struggled with this certificate problem for some time on my young daughter´s macbook, and none of the solutions in this thread worked. Some websites would load normally, others not, and constantly, the "certificate not valid" popup appeared.


Then, I discovered that her date & time settings were set to January 2013, that is 8 months back. As a result, certificates issued after January 2013 are deemed "not valid yet" and the problems appear. It also affected App Store and MobileMe access.


After correcting the date, everything works just fine. So, in case you are stuck as I were, just check your upper right corner and make sure your computer lives in present time.

Reply
User profile for user: Hey_Rissa
Hey_Rissa
User level: Level 1
0 points

Dec 4, 2013 7:42 PM in response to WildBill

i have the same issue. i had a macbook pro and had the issue. now im on a completly different new computer i just got, havent had it a week and im getting the same error message of " "safari can not verify the identity of the website facebook.com. i tried changing the date and time that didn't work for me. anyone else have any ideas?

Reply
User profile for user: Jp Cooper
Jp Cooper
User level: Level 1
50 points

Jan 2, 2014 9:56 AM in response to canucksgirl01

I never hit this issue last year (2013) everything was working fine.


Off for a winter break at the end of Decemeber - come back to work - log in and every Site I hit w/ a secure conenction tosses up a Certificate warning. I've cleared cache - donea search for the facebook or akamai strings - reset Safari and Keychain. I am also getting the issue using Chrome and FireFox - all current versions as of Jan 1. The Date and Time are set to Auto update so that is not the problem.


So I guess Akamai and Apple and Facebook are continuously having this problem a year later. I do not even use or goto Facebook on my work computer and still am getting the s-static.ak.facebook.com Certificate error.


I have even had several secure URLs redirect to:

https://s-static.ak.facebook.com/connect/xd_arbiter.php?version=28#


which displayed the following message:

SECURITY WARNING: Please treat the URL above as you would your password and do not share it with anyone.


which in turn has nothing to do at all with where I was attempting to go.


This leads me to believe that something is F'ed up on the Certificate servers.

W T F Apple - FIX YOUR SH*T !!

Reply
User profile for user: MadMacs0
MadMacs0
User level: Level 5
5,227 points

Jan 2, 2014 7:07 PM in response to Jp Cooper

Jp Cooper wrote:


every Site I hit w/ a secure conenction tosses up a Certificate warning.

Open Keychain Access Preferences->Certirficates tab and tell us what the OCSP, CRL & Priority settings are.

So I guess Akamai and Apple and Facebook are continuously having this problem a year later. I do not even use or goto Facebook on my work computer and still am getting the s-static.ak.facebook.com Certificate error.

I'm not seeing anything even close to this.

W T F Apple - FIX YOUR SH*T !!

You do know that Apple is probably not reading this and you need to find another way to communicate issues you have with them.

Reply
User profile for user: canucksgirl01
canucksgirl01 Author
User level: Level 1
57 points

Jan 2, 2014 8:27 PM in response to Jp Cooper

I know you said your computer was set to Auto Update, but did you confirm that its on the correct year (and not just the correct day and month)? If it mistakenly was set to a date in the past it would explain why you get Certificate warnings across multiple browsers. (All Certificates have a Start Date as well as an End Date).


If that's okay, look at the Certificate Details and check the dates and other info to see if they are in fact all legit. If everything checks out, you do have the option to "accept" the certificate in which case it will stop any futher warnings.


And just so you know, the fact that you don't use Facebook (or go to it) doesn't have anything to do with this issue. A lot of people have been confused by this, but the fact remains that ALL websites that use Facebook Features such as the "Like" button, must also have the Facebook Certificate (as well as their own website Certificate); and if 'something' isn't right with the Certificate, you are given an alert to that fact.


None of that is really an Apple issue either.

Reply
User profile for user: David Utts
David Utts
User level: Level 1
5 points

Jan 8, 2014 10:14 PM in response to canucksgirl01

I also noticed "static.ak.facebook.com" since the end of December on my Macbook Pro (running 10.8.5).


It shows up on various websites... including my own website (www.beaconpointleader.com). What's weird is when I deactivate one of the plug ins in "Wordpress" administration on my site - it stops! The plug in is Hybrid Connect... but I already have determined it is not their issue as this does not get replicatd on any other mac... JUST MINE. Only my mac that responds when this plug in is activated and deactivated. When I turn it off - "static.ak.facebook.com" stops causing issues. Its baffling! It makes no sense that deactivating this would only affect my Mac and not replicate other places. So there is something, some place on my mac that is the cause of this but I am not finding it.


I have cleared my cache, reparied keychain (lost all my passwords 😟), changed my pw in facebook, turned off all my add ons in Firefox. I did a disk repair and permissions repair and scubbed everything else I could think of and stil the issue!


Not sure what to do now... if anyone has an idea let me know.

Reply
User profile for user: MadMacs0
MadMacs0
User level: Level 5
5,227 points

Jan 9, 2014 7:12 PM in response to David Utts

David Utts wrote:


Both OCSP and CRL say "Best Attempt" - Priority is OCSP

That's as it should be. Should you ever hear that there are stolen or face certificates floating around you can tighten that up, but the settings you have are what I use most of the time.


I know that canucksgirl01's FirstAid approach seems to work for most. I hadn't heard about a system re-install before, but I can see how that might work. I normally don't recommend major OS X upgrades (not updates) until current issues are resolved, but unless somebody comes up with a new idea, you probably won't want to wait much longer if you are convinced that Mavericks has more to offer you.

Reply

FIX for: "Safari can't verify the identity of the website" - certificate not valid

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up