Previous 1 2 3 Next 108 Replies Latest reply: Jan 31, 2016 5:38 PM by Bella0406
canucksgirl01 Level 1 Level 1

If you are getting a message like this:

 

Safari can't verify the identity of the website "static.ak.facebook.com" (or ANY other address)

 

This certificate is not valid (host name mismatch)

 

 

There is an EASY FIX for this...

 

Go to:

 

/Applications/Utilities/KeyChain Access

 

Select "KeyChain First Aid" from "KeyChain Access" (menu choice)

 

Make sure the radio button for "Verify" is selected, and then click the "Start" button.

 

Once completed, it will tell you if any problems were found just above "Verification Completed".

(In my case "no problems found").

 

It is not necessary to perform a "repair" if no problems were found.

 

If problems were found, follow up the verification process with the "repair" process.

 

FYI: "KeyChain Access" stores info for Certificates. If a "mismatch" occurs, or a certificate is deamed "invalid" you get a warning. (This is part of your security). Performing "KeyChain First Aid" will verify ALL certificates and correct any "mismatching" by updating the certificate OR will tell you there was a problem (ie. a website using a fake certificate), in which case you need to follow through with "repair" and if necessary, not use the problematic website. BUT, in most cases, this message is NOT about anything malicious, its just part of the security settings that are trying to ensure ALL certificates associated to ANY website is correct, and since certificates expire and/or get updated, these conflicts can occur.


MacBook, Mac OS X (10.6.8), White, Model A1342
Solved by canucksgirl01 on Oct 24, 2012 2:04 PM Solved
Here is the LATEST UPDATE: The Akamai Network (the hosting service for many websites like Apple, Microsoft, Facebook and Twitter) which uses the a248.e.akamai.net URL (in this case for Facebook), has FINALLY become aware of this issue and is pushing out the fix as I type... For everyone who was able to go through the KeyChain First Aid process (described above in the start of this thread) has been able to correct the problem already. For everyone else, the "fix" may take some time to populate over ALL the websites that are affected (i.e. millions...) so, you may have to be patient. I don't have specific help available for all iOS devices, but the update from Akamai will correct this problem.  *** Just be aware that websites have different schedules for when they push out updates. Some do this once a day, but others can do this as infrequently as once a week (depends on the website you're having trouble with).
Reply by canucksgirl01 on Oct 24, 2012 2:58 PM Helpful
MORE INFORMATION ABOUT CERTIFICATES & THE POTENTIAL FOR MALWARE I wanted to add this information, because I don't want people out there to get the false impression that certificate issues are always safe. In most cases they aren't about anything malicious, and "for the most part", we are safe... BUT, there ARE new threats popping up all the time that CAN affect you; such as "Morphing Flashback Malware", which makes some certificates, and updates (like an Adobe Flash Player update) etc appear "safe", when they are anything but. For those who would like to learn more about this potential threat, please read the following: Break in the SSL Chain of Trust Prompts Security Updates Apple Releases Update to Remove Flashback Trojan (affecting some 600,000+ Macs) Beware the Morphing Flashback Malware Bottom line is, threats out there exist. ** PLEASE, make sure you keep your OS and iOS devices up to date! ** Install Anti Virus Software for Macs. I recommend Sophos Anti-Virus for Macs, its free, its what I use, (and its found and destroyed a couple trojans on my Mac already)... but there are other programs out there that you can use. (Just do your research first!)

All replies

  • christopher rigby1 Level 4 Level 4

    Yes - that seems to fix it. Thanks canucksgirl!

  • bruxxx Level 1 Level 1

    I have several machines.

    Running this on one of them seemed to have worked, but the other is still getting the problem after verify and repair.

  • S. G. Level 1 Level 1
    expertise.iphone
    iPhone

    I tried your solution, found an error in Keychain that was repaired, but the problem continues.

     

    It is also happening on my iPod, and only with Safari.

     

    The problem started last night, and it happens on a majority of websites (including this discussion forum), where a popup warns me that the certificate for the site invalid while trying to connect to "s-static.ak.facebook.com" or other sites that I never use.

     

    I tried deleting apple security preferences, cleaning up some certificates, removing cookies for facebook. Nothing helps. The fact that it is happening so broadly (many users based on current Safari discussions), on all sorts of devices makes me think it is some type of malware or security problem with Safari.

  • WildBill Level 3 Level 3
    expertise.macosx
    Mac OS X

    Actually, this doesn't fix it. I'm still having it appear in Safari.

  • canucksgirl01 Level 1 Level 1

    bruxxx, S. G., and WildBill,

     

    Can you give me more info about the certificate error? Is it the same "static.ak.facebook.com" cert?
    Can you post a screenshot of the certificate message (expanded to include the details)?

    Which OS X version are you still having the problem with? (important)

     

    In the mean time, also double check your date & time settings. Certificates are set up to be 'valid' within a certain time frame (ie.: June 2004 - Dec 2015). If you accidentally set the date/time to an incorrect date/time, you can end up getting incessant errors for invalid or expired certificates (because Safari looks at your system date). I find keeping the checkbox for "set date and time automatically" selected helps avoid this annoying issue.

  • WildBill Level 3 Level 3
    expertise.macosx
    Mac OS X

    Yes, the same certificate. main-qimg-2a22a24fb0b0f93605f0922c27261670.png

     

    I'm on 10.8.2. Already checked date and time settings, which were as they should be.

     

    Found a possible fix for this on quora.com:

     

    http://www.quora.com/Akamai-Technologies-Inc/What-is-this-error-message-that-Saf ari-cant-verify-the-identity-of-the-website-static-ak-facebook-com

     

    I have removed only the com.apple.security.plist file although I also have the

    com.apple.security.revocation.plist file that he mentions.

     

    Too early to say if this fixes it. I'll post back.

  • S. G. Level 1 Level 1
    expertise.iphone
    iPhone

    My iPod is still acting up and gives the error "Cannot Verify Server Identity" for static.ak.facebook.com. The iPod is running OS5.1 and happens is only with Safari. I have no problem with time, and obviously, there is no keychain.

     

    Quite a few sites trigger this certificate problem (NYTimes, Apple Discussions, Macrumours.com...). It is probably due to the ubiquitous "Like" button from Facebook. I have never used facebook however.

     

    The sites that it tries to verify the identity of are either facebook, akamai, or others I cannot remember. They are not always "static.ak.facebook.com". If I say "Continue" rather than "Cancel", I am transferred to some gibberish site, not necessarily facebook related.

     

    I will check my laptop tonight that still had problems (even after deleting security preferences). Firefox is unaffected. Other discussions seem to say that the problem eventually corrects itself, and that it is due to Facebook somehow implanting cookies on Safari even the latter is set to accept none.

  • canucksgirl01 Level 1 Level 1

    Hey WildBill,

     

    In Mountain Lion, there is a bit of a quirk (if I can use that term) with certificates. You were definitely on the right track with the link you provided, but here is some more information about it and how you can fix it on ML.

     

    http://b.rthr.me/wp/?p=356

     

    Let me know if it works for you... (it seems to be the fix for ML).

  • WildBill Level 3 Level 3
    expertise.macosx
    Mac OS X

    Hi canucksgirl,

     

    Thanks for sharing the fruits of your investigation with us all here! I went to the link provided and deleted the requisite files. I did not find any certificates in Keychain Access with a blue +, so I'll let you know if it was enough to delete the aforementioned .plist files and rebuild the two caches.

     

    I wanted to give you a "This helped me" but that option wasn't open to me?

  • canucksgirl01 Level 1 Level 1

    Here is the LATEST UPDATE:

     

    The Akamai Network (the hosting service for many websites like Apple, Microsoft, Facebook and Twitter) which uses the a248.e.akamai.net URL (in this case for Facebook), has FINALLY become aware of this issue and is pushing out the fix as I type...

     

    For everyone who was able to go through the KeyChain First Aid process (described above in the start of this thread) has been able to correct the problem already. For everyone else, the "fix" may take some time to populate over ALL the websites that are affected (i.e. millions...) so, you may have to be patient. I don't have specific help available for all iOS devices, but the update from Akamai will correct this problem.

     

    *** Just be aware that websites have different schedules for when they push out updates. Some do this once a day, but others can do this as infrequently as once a week (depends on the website you're having trouble with).

  • S. G. Level 1 Level 1
    expertise.iphone
    iPhone

    Thank you for this update. I was starting to worry about malware, as I have also noticed some strange blips of activity from Java asking me to approve an incoming connection and disappearing right away before I can click it - probably unrelated. It is scary to see how one company can mess up millions of websites.

  • canucksgirl01 Level 1 Level 1

    Thanks WildBill,

     

    It would be nice to know if this worked for you.

     

    Apparently my user Level is too low to post this as a User Tip, so I had to post this in the form of a discussion question, so the options for "This helped me" and "This solved my question" appear to me only... Unfortunately, posting this help topic won't improve my points or Level as a result, but I felt that posting this fix topic separately was better than continuing to post the answer in other threads (as the OP's aren't always selecting the appropriate button, and my posts are getting buried in all the pages). ~ I just wanted to get the word out (one way or another), as I know how annoying it is to be stuck with a problem and can't find the solution.

     

    :-)

  • WildBill Level 3 Level 3
    expertise.macosx
    Mac OS X

    I'll definitely let you know.

     

    That's too bad, you should get some well-earned points out of this. Your participation and your selfless desire to help others is what makes these forums special.  

  • canucksgirl01 Level 1 Level 1

    MORE INFORMATION ABOUT CERTIFICATES & THE POTENTIAL FOR MALWARE

     

    I wanted to add this information, because I don't want people out there to get the false impression that certificate issues are always safe. In most cases they aren't about anything malicious, and "for the most part", we are safe...

     

    BUT, there ARE new threats popping up all the time that CAN affect you; such as "Morphing Flashback Malware", which makes some certificates, and updates (like an Adobe Flash Player update) etc appear "safe", when they are anything but.

     

    For those who would like to learn more about this potential threat, please read the following:

     

    Break in the SSL Chain of Trust Prompts Security Updates

     

    Apple Releases Update to Remove Flashback Trojan (affecting some 600,000+ Macs)

     

    Beware the Morphing Flashback Malware

     

    Bottom line is, threats out there exist.

     

    ** PLEASE, make sure you keep your OS and iOS devices up to date!

     

    ** Install Anti Virus Software for Macs. I recommend Sophos Anti-Virus for Macs, its free, its what I use, (and its found and destroyed a couple trojans on my Mac already)... but there are other programs out there that you can use. (Just do your research first!)

Previous 1 2 3 Next