You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

FIX for: "Safari can't verify the identity of the website" - certificate not valid

If you are getting a message like this:


Safari can't verify the identity of the website "static.ak.facebook.com" (or ANY other address)


This certificate is not valid (host name mismatch)



There is an EASY FIX for this...


Go to:


/Applications/Utilities/KeyChain Access


Select "KeyChain First Aid" from "KeyChain Access" (menu choice)


Make sure the radio button for "Verify" is selected, and then click the "Start" button.


Once completed, it will tell you if any problems were found just above "Verification Completed".

(In my case "no problems found").


It is not necessary to perform a "repair" if no problems were found.


If problems were found, follow up the verification process with the "repair" process.


FYI: "KeyChain Access" stores info for Certificates. If a "mismatch" occurs, or a certificate is deamed "invalid" you get a warning. (This is part of your security). Performing "KeyChain First Aid" will verify ALL certificates and correct any "mismatching" by updating the certificate OR will tell you there was a problem (ie. a website using a fake certificate), in which case you need to follow through with "repair" and if necessary, not use the problematic website. BUT, in most cases, this message is NOT about anything malicious, its just part of the security settings that are trying to ensure ALL certificates associated to ANY website is correct, and since certificates expire and/or get updated, these conflicts can occur.

MacBook, Mac OS X (10.6.8), White, Model A1342

Posted on Oct 24, 2012 1:31 AM

Reply
Question marked as Top-ranking reply

Posted on Oct 24, 2012 2:04 PM

Here is the LATEST UPDATE:


The Akamai Network (the hosting service for many websites like Apple, Microsoft, Facebook and Twitter) which uses the a248.e.akamai.net URL (in this case for Facebook), has FINALLY become aware of this issue and is pushing out the fix as I type...


For everyone who was able to go through the KeyChain First Aid process (described above in the start of this thread) has been able to correct the problem already. For everyone else, the "fix" may take some time to populate over ALL the websites that are affected (i.e. millions...) so, you may have to be patient. I don't have specific help available for all iOS devices, but the update from Akamai will correct this problem.


*** Just be aware that websites have different schedules for when they push out updates. Some do this once a day, but others can do this as infrequently as once a week (depends on the website you're having trouble with).

112 replies

Jan 9, 2014 7:31 PM in response to David Utts

Just to clarify, my easy fix was simply to download and reapply one the latest combo updates to the OS I was using, not a full erase+reinstall, and not installing a new OS. It should not harm anything on your system, it's pretty easy and worth a try. For OS 10.8.5, I guess the file would be here: http://support.apple.com/kb/DL1676?viewlocale=en_US&locale=en_US

Jan 13, 2015 2:57 AM in response to canucksgirl01

This certificate error problem has just begun happening to me in early 2015, in on many, many webpages across a range of embedded URLs: Facebook, youtube, tumbler, and other less ubiquitous urls.


it is happening under Safari on both my MBP with Mavericks, and my iPad with iOS8

it is happening in my home as well as outside (in a public location with probably a different ISP than at home)


I have tried many solutions suggested here or on other threads on this topic things:

cleared various caches

deleted various plists

updated and confirmed the sync of the time on my hosts and firewall/router


when I inspect the certificates being flagged, they sometimes are issued by fairly obscure sounding authorities in odd places. I know this doesn't necessarily mean trouble, but a Facebook cert from a xxx.ru issuer ?!? It does make me afraid to just click "always trust".


this is making surfing and internet use really difficult


How do these system root certificates even get into my computer, through Apple Safari updates only? Can a hacker sneak rogue certs in there and then use them to do naughty things? Can anyone point to some article or help forum which really explains the problem thoroughly and provides a real fix?

FIX for: "Safari can't verify the identity of the website" - certificate not valid

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.