Previous 1 2 Next 15 Replies Latest reply: May 20, 2006 10:36 AM by Jpfresno
Jane Evans Level 1 Level 1 (15 points)
Suddenly, Safari decided that "http://www.dartmouth.edu" should be "https://dartmouth.edu" As a result, I get the message: "Safari can’t open the page “https://www.dartmouth.edu/”. The error was: “client certificate rejected” (NSURLErrorDomain:-1205) Please choose Report Bug to Apple from the Safari menu, note the error number, and describe what you did before you saw this message."
This suddenly started occuring on my Intel iMac, but not on my G3 iBook. I have cleard the cache, and cannot think of whatelse to do, as it just changes to https immediately upon hitting the Enter key.
Any ideas?

Intel iMac 20". iBook G3, iMac G4, Mac OS X (10.4.6)
  • vmitchell Level 1 Level 1 (60 points)
    Have you tried resetting Safari by selecting "Reset Safari" from the Safari menu (next to the Apple in the top left corner)

    <hr>

    - Vince
  • MacLemon Level 2 Level 2 (450 points)
    i have tried the Link you told us and don't experience the autoredirect to https on my PPC based PowerBook. (Safari on 10.4.6)

    You need a valid digital certificate to enter the encrypted (https) site as a security measure. I guess you can obtain one from Dartmouth to correctly authenticate yourself against the server.

    Have you tried resetting your Safari?
    MacLemon
  • Jane Evans Level 1 Level 1 (15 points)
    1) I really do not want to reset Safari. There are too many things that would then be "broken." This worked perfectly well on the Intel machine until suddenly one day Safari decided there should be an extra "s" in the address.

    2) There actually is not an https address for Dartmouth, so asking for a certificate would be an excercise in futility. There are encrypted parts of the site, but they do not pertain to me, nor would the college offer a certificate. The correct address is "http://www.dartmouth.edu" and this can be reached from any other computer I have, just not the Intel one.
  • Barry Hemphill Level 8 Level 8 (36,580 points)
    Hello Jane:

    For what it is worth, I typed in both URLs on my G4 and G5 iMacs. They both (https as well) point to the same page. In other words, the web site ignores the https prefix.

    If you have not done so, clear the Safari cache. For "good luck" I would also trash the preference file (com.apple.safari.plist).

    Next would be the suggestion to reset Safari and, finally, to reinstall it.

    Barry

    Message was edited by: Barry Hemphill
  • Jane Evans Level 1 Level 1 (15 points)
    As I said, I have too many things important to me in Safari to reset or trash the whole thing. It is far easier to check anything at the Dartmouth site on my iBook than to recreate all certificates, bookmarks, etc. etc. on the iMac.
    We'll see what happens when another upgrade comes out. It may fix this little problem.
  • MacLemon Level 2 Level 2 (450 points)
    Don't get me wrong, but certificates etc. reside in your keychain, not in Safari. You could also easily backup them before resetting Safari. The same goes for your Bookmarks, Cookies, whatever. Noone said you should not do backups!

    It's still strange that the intel Mac redirects you automatically, no PPC machines seem to do this.

    Maybe try with another user on that intel Mac! That way you can see if it's Safari itself that has a problem or if it is some setting within your user.
    MacLemon
  • iBod Level 7 Level 7 (29,340 points)
    Hi,

    Trashing the file Barry refers to will not affect your certificates, bookmarks, history or autofill settings.

    Try accessing the Dartmouth site from a different user account to see how it behaves there. This will help us to know whether your problem is local to your account or a system wide problem. If you don't have another account you can use System Preferences -> Accounts -> [+] to create a test one (and [-] to remove it if needed)

    Hobbes
  • Jane Evans Level 1 Level 1 (15 points)
    Really wierd. Safari still puts in the https, but it loads just fine. Perhaps because there was, at the time, nothing in my Safari autofill keychain. Even after saving password, etc. to get in here, it still comes up. This was working for quite some time after getting the Intel and transferring everything from the old G5. It just suddenly decided to do this funny thing.
    For different reasons, I reinstalled the system, but this did not change a thing. Maybe a new version of Safari will help.
  • Jane Evans Level 1 Level 1 (15 points)
    This, by the way, is with the test user account. Forgot to mention that important little bit.
  • Micah Johnson Level 1 Level 1 (15 points)
    This happens on my MacBook Pro as well. I can open the page in Camino, but I get the -1205 error when I try to open it in Safari. I've noticed this problem for a while with sites at Dartmouth but only recently with the home page.

    I have a certificate from the Dartmouth Certificate Authority in my keychain and it doesn't help this problem.
  • Micah Johnson Level 1 Level 1 (15 points)
    I emailed webmaster@dartmouth.edu about this problem and here is the response. The solution of getting a valid Dartmouth certificate doesn't apply to non Dartmouth users, so I'm not sure what to do in that case.

    "You need to check your Keychain. The reason you are getting that error is because Safari is sending a Client Certificate back to the web server (which asked for it), but the web server can't verify that it's a good certificate. This usually happens when you have an expired certificate, or you have a non-Dartmouth certificate that Safari is likely sending because it can't find a Dartmouth one."

    "Whichever of these is the case, the solution is to get a valid Dartmouth certificate, which you can generate by going to https://collegeca.dartmouth.edu/ and following the directions on the web page. If you have an expired Dartmouth cert, you will need to delete that before you import your new, valid certificate."

    "The reason all of this is happening is specific to Intel Macs. The mechanism that Dartmouth has used, better than 7+ years, to authenticate browser users to web site (Kerberos) uses the SideCar helper application. This application doesn't run on Intel Macs, and it most likely never will. Fortunately, Dartmouth installed client certificates as an additional/alternate solution for web site authentication a few years ago. Since client certs work great on Intel Macs, we had to force Intel Macs to always use HTTPS when connecting to any site on www.dartmouth.edu. That way we can always be able to ask for your client cert, so that we don't break your ability to access protected sites that live on the www.dartmouth.edu server."





       
  • Jane Evans Level 1 Level 1 (15 points)
    Just to further confuse things, without my doing ANYTHING, all parts of the site come up. No asking for certificate, or anything. I have NO client certificate, valid or not.
    Safari still puts the s on http as indicated, but between earlier today and now, at least for the time being, it is working. Somehow, I have the feeling that the college did something - perhaps as a result of your e-mail. If so, thanks!
  • Micah Johnson Level 1 Level 1 (15 points)
    Yes, I had many emails back and forth with the webmaster and other people at Dartmouth yesterday. I'm a graduate student in computer science at Dartmouth, so perhaps that helped too. In any case, it should work now.

    If anyone is interested, the problem was that the web server was asking Safari on intel macs for a certificate, Safari was returning a certificate used by iChat AV for encrypted chats, and the web server was rejecting this certificate since it could not verify authenticity. It wasn't a misconfiguration of our browsers or security settings, it was just a situation that the webmaster thought was very unlikely when they decided to make the entire site secure.
  • Jane Evans Level 1 Level 1 (15 points)
    I had wondered, since I use BlitzMail and have an alum address, if somehow that was getting caught up in the web. I found this problem because I enjoy looking at the Baker webcam (along with others) and suddenly it stopped.
    I guess the problem is solved, so thanks to everyone for helping.
Previous 1 2 Next