You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

FIX for: "Safari can't verify the identity of the website" - certificate not valid

If you are getting a message like this:


Safari can't verify the identity of the website "static.ak.facebook.com" (or ANY other address)


This certificate is not valid (host name mismatch)



There is an EASY FIX for this...


Go to:


/Applications/Utilities/KeyChain Access


Select "KeyChain First Aid" from "KeyChain Access" (menu choice)


Make sure the radio button for "Verify" is selected, and then click the "Start" button.


Once completed, it will tell you if any problems were found just above "Verification Completed".

(In my case "no problems found").


It is not necessary to perform a "repair" if no problems were found.


If problems were found, follow up the verification process with the "repair" process.


FYI: "KeyChain Access" stores info for Certificates. If a "mismatch" occurs, or a certificate is deamed "invalid" you get a warning. (This is part of your security). Performing "KeyChain First Aid" will verify ALL certificates and correct any "mismatching" by updating the certificate OR will tell you there was a problem (ie. a website using a fake certificate), in which case you need to follow through with "repair" and if necessary, not use the problematic website. BUT, in most cases, this message is NOT about anything malicious, its just part of the security settings that are trying to ensure ALL certificates associated to ANY website is correct, and since certificates expire and/or get updated, these conflicts can occur.

MacBook, Mac OS X (10.6.8), White, Model A1342

Posted on Oct 24, 2012 1:31 AM

Reply
Question marked as Top-ranking reply

Posted on Oct 24, 2012 2:04 PM

Here is the LATEST UPDATE:


The Akamai Network (the hosting service for many websites like Apple, Microsoft, Facebook and Twitter) which uses the a248.e.akamai.net URL (in this case for Facebook), has FINALLY become aware of this issue and is pushing out the fix as I type...


For everyone who was able to go through the KeyChain First Aid process (described above in the start of this thread) has been able to correct the problem already. For everyone else, the "fix" may take some time to populate over ALL the websites that are affected (i.e. millions...) so, you may have to be patient. I don't have specific help available for all iOS devices, but the update from Akamai will correct this problem.


*** Just be aware that websites have different schedules for when they push out updates. Some do this once a day, but others can do this as infrequently as once a week (depends on the website you're having trouble with).

112 replies
Question marked as Top-ranking reply

Oct 24, 2012 2:04 PM in response to S. G.

Here is the LATEST UPDATE:


The Akamai Network (the hosting service for many websites like Apple, Microsoft, Facebook and Twitter) which uses the a248.e.akamai.net URL (in this case for Facebook), has FINALLY become aware of this issue and is pushing out the fix as I type...


For everyone who was able to go through the KeyChain First Aid process (described above in the start of this thread) has been able to correct the problem already. For everyone else, the "fix" may take some time to populate over ALL the websites that are affected (i.e. millions...) so, you may have to be patient. I don't have specific help available for all iOS devices, but the update from Akamai will correct this problem.


*** Just be aware that websites have different schedules for when they push out updates. Some do this once a day, but others can do this as infrequently as once a week (depends on the website you're having trouble with).

Oct 24, 2012 9:00 AM in response to canucksgirl01

I tried your solution, found an error in Keychain that was repaired, but the problem continues.


It is also happening on my iPod, and only with Safari.


The problem started last night, and it happens on a majority of websites (including this discussion forum), where a popup warns me that the certificate for the site invalid while trying to connect to "s-static.ak.facebook.com" or other sites that I never use.


I tried deleting apple security preferences, cleaning up some certificates, removing cookies for facebook. Nothing helps. The fact that it is happening so broadly (many users based on current Safari discussions), on all sorts of devices makes me think it is some type of malware or security problem with Safari.

Oct 24, 2012 12:36 PM in response to bruxxx

bruxxx, S. G., and WildBill,


Can you give me more info about the certificate error? Is it the same "static.ak.facebook.com" cert?
Can you post a screenshot of the certificate message (expanded to include the details)?

Which OS X version are you still having the problem with? (important)


In the mean time, also double check your date & time settings. Certificates are set up to be 'valid' within a certain time frame (ie.: June 2004 - Dec 2015). If you accidentally set the date/time to an incorrect date/time, you can end up getting incessant errors for invalid or expired certificates (because Safari looks at your system date). I find keeping the checkbox for "set date and time automatically" selected helps avoid this annoying issue.

Oct 24, 2012 12:46 PM in response to canucksgirl01

Yes, the same certificate. User uploaded file


I'm on 10.8.2. Already checked date and time settings, which were as they should be.


Found a possible fix for this on quora.com:


http://www.quora.com/Akamai-Technologies-Inc/What-is-this-error-message-that-Saf ari-cant-verify-the-identity-of-the-website-static-ak-facebook-com


I have removed only the com.apple.security.plist file although I also have the

com.apple.security.revocation.plist file that he mentions.


Too early to say if this fixes it. I'll post back.

Oct 24, 2012 12:49 PM in response to canucksgirl01

My iPod is still acting up and gives the error "Cannot Verify Server Identity" for static.ak.facebook.com. The iPod is running OS5.1 and happens is only with Safari. I have no problem with time, and obviously, there is no keychain.


Quite a few sites trigger this certificate problem (NYTimes, Apple Discussions, Macrumours.com...). It is probably due to the ubiquitous "Like" button from Facebook. I have never used facebook however.


The sites that it tries to verify the identity of are either facebook, akamai, or others I cannot remember. They are not always "static.ak.facebook.com". If I say "Continue" rather than "Cancel", I am transferred to some gibberish site, not necessarily facebook related.


I will check my laptop tonight that still had problems (even after deleting security preferences). Firefox is unaffected. Other discussions seem to say that the problem eventually corrects itself, and that it is due to Facebook somehow implanting cookies on Safari even the latter is set to accept none.

Oct 24, 2012 2:02 PM in response to canucksgirl01

Hi canucksgirl,


Thanks for sharing the fruits of your investigation with us all here! I went to the link provided and deleted the requisite files. I did not find any certificates in Keychain Access with a blue +, so I'll let you know if it was enough to delete the aforementioned .plist files and rebuild the two caches.


I wanted to give you a "This helped me" but that option wasn't open to me?

Oct 24, 2012 2:21 PM in response to WildBill

Thanks WildBill,


It would be nice to know if this worked for you.


Apparently my user Level is too low to post this as a User Tip, so I had to post this in the form of a discussion question, so the options for "This helped me" and "This solved my question" appear to me only... Unfortunately, posting this help topic won't improve my points or Level as a result, but I felt that posting this fix topic separately was better than continuing to post the answer in other threads (as the OP's aren't always selecting the appropriate button, and my posts are getting buried in all the pages). ~ I just wanted to get the word out (one way or another), as I know how annoying it is to be stuck with a problem and can't find the solution.


:-)

Oct 24, 2012 2:58 PM in response to canucksgirl01

MORE INFORMATION ABOUT CERTIFICATES & THE POTENTIAL FOR MALWARE


I wanted to add this information, because I don't want people out there to get the false impression that certificate issues are always safe. In most cases they aren't about anything malicious, and "for the most part", we are safe...


BUT, there ARE new threats popping up all the time that CAN affect you; such as "Morphing Flashback Malware", which makes some certificates, and updates (like an Adobe Flash Player update) etc appear "safe", when they are anything but.


For those who would like to learn more about this potential threat, please read the following:


Break in the SSL Chain of Trust Prompts Security Updates


Apple Releases Update to Remove Flashback Trojan (affecting some 600,000+ Macs)


Beware the Morphing Flashback Malware


Bottom line is, threats out there exist.


** PLEASE, make sure you keep your OS and iOS devices up to date!


** Install Anti Virus Software for Macs. I recommend Sophos Anti-Virus for Macs, its free, its what I use, (and its found and destroyed a couple trojans on my Mac already)... but there are other programs out there that you can use. (Just do your research first!)

FIX for: "Safari can't verify the identity of the website" - certificate not valid

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.