Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Jane Evans
Jane Evans Author
User level: Level 1
15 points

Safari keeps changing a website to "secure"

Suddenly, Safari decided that "http://www.dartmouth.edu" should be "https://dartmouth.edu" As a result, I get the message: "Safari can’t open the page “ https://www.dartmouth.edu/”. The error was: “client certificate rejected” (NSURLErrorDomain:-1205) Please choose Report Bug to Apple from the Safari menu, note the error number, and describe what you did before you saw this message."
This suddenly started occuring on my Intel iMac, but not on my G3 iBook. I have cleard the cache, and cannot think of whatelse to do, as it just changes to https immediately upon hitting the Enter key.
Any ideas?

Intel iMac 20". iBook G3, iMac G4, Mac OS X (10.4.6)

Posted on May 12, 2006 9:49 AM

Reply
15 replies
User profile for user: MacLemon
MacLemon
User level: Level 2
455 points

May 12, 2006 12:37 PM in response to Jane Evans

i have tried the Link you told us and don't experience the autoredirect to https on my PPC based PowerBook. (Safari on 10.4.6)

You need a valid digital certificate to enter the encrypted (https) site as a security measure. I guess you can obtain one from Dartmouth to correctly authenticate yourself against the server.

Have you tried resetting your Safari?
MacLemon
Reply
User profile for user: Jane Evans
Jane Evans Author
User level: Level 1
15 points

May 13, 2006 8:41 AM in response to MacLemon

1) I really do not want to reset Safari. There are too many things that would then be "broken." This worked perfectly well on the Intel machine until suddenly one day Safari decided there should be an extra "s" in the address.

2) There actually is not an https address for Dartmouth, so asking for a certificate would be an excercise in futility. There are encrypted parts of the site, but they do not pertain to me, nor would the college offer a certificate. The correct address is "http://www.dartmouth.edu" and this can be reached from any other computer I have, just not the Intel one.
Reply
User profile for user: Barry Hemphill
Barry Hemphill
User level: Level 8
40,456 points

May 13, 2006 9:37 AM in response to Jane Evans

Hello Jane:

For what it is worth, I typed in both URLs on my G4 and G5 iMacs. They both (https as well) point to the same page. In other words, the web site ignores the https prefix.

If you have not done so, clear the Safari cache. For "good luck" I would also trash the preference file (com.apple.safari.plist).

Next would be the suggestion to reset Safari and, finally, to reinstall it.

Barry

Message was edited by: Barry Hemphill
Reply
User profile for user: MacLemon
MacLemon
User level: Level 2
455 points

May 14, 2006 4:07 AM in response to Jane Evans

Don't get me wrong, but certificates etc. reside in your keychain, not in Safari. You could also easily backup them before resetting Safari. The same goes for your Bookmarks, Cookies, whatever. Noone said you should not do backups!

It's still strange that the intel Mac redirects you automatically, no PPC machines seem to do this.

Maybe try with another user on that intel Mac! That way you can see if it's Safari itself that has a problem or if it is some setting within your user.
MacLemon
Reply
User profile for user: iBod
iBod
User level: Level 7
29,345 points

May 14, 2006 5:43 AM in response to Jane Evans

Hi,

Trashing the file Barry refers to will not affect your certificates, bookmarks, history or autofill settings.

Try accessing the Dartmouth site from a different user account to see how it behaves there. This will help us to know whether your problem is local to your account or a system wide problem. If you don't have another account you can use System Preferences -> Accounts -> [+] to create a test one (and [-] to remove it if needed)

User uploaded file
Reply
User profile for user: Jane Evans
Jane Evans Author
User level: Level 1
15 points

May 14, 2006 4:41 PM in response to iBod

Really wierd. Safari still puts in the https, but it loads just fine. Perhaps because there was, at the time, nothing in my Safari autofill keychain. Even after saving password, etc. to get in here, it still comes up. This was working for quite some time after getting the Intel and transferring everything from the old G5. It just suddenly decided to do this funny thing.
For different reasons, I reinstalled the system, but this did not change a thing. Maybe a new version of Safari will help.
Reply
User profile for user: Micah Johnson
Micah Johnson
User level: Level 1
15 points

May 16, 2006 8:02 PM in response to Jane Evans

I emailed webmaster@dartmouth.edu about this problem and here is the response. The solution of getting a valid Dartmouth certificate doesn't apply to non Dartmouth users, so I'm not sure what to do in that case.

"You need to check your Keychain. The reason you are getting that error is because Safari is sending a Client Certificate back to the web server (which asked for it), but the web server can't verify that it's a good certificate. This usually happens when you have an expired certificate, or you have a non-Dartmouth certificate that Safari is likely sending because it can't find a Dartmouth one."

"Whichever of these is the case, the solution is to get a valid Dartmouth certificate, which you can generate by going to https://collegeca.dartmouth.edu/ and following the directions on the web page. If you have an expired Dartmouth cert, you will need to delete that before you import your new, valid certificate."

"The reason all of this is happening is specific to Intel Macs. The mechanism that Dartmouth has used, better than 7+ years, to authenticate browser users to web site (Kerberos) uses the SideCar helper application. This application doesn't run on Intel Macs, and it most likely never will. Fortunately, Dartmouth installed client certificates as an additional/alternate solution for web site authentication a few years ago. Since client certs work great on Intel Macs, we had to force Intel Macs to always use HTTPS when connecting to any site on www.dartmouth.edu. That way we can always be able to ask for your client cert, so that we don't break your ability to access protected sites that live on the www.dartmouth.edu server."





Reply
User profile for user: Jane Evans
Jane Evans Author
User level: Level 1
15 points

May 17, 2006 12:56 PM in response to Micah Johnson

Just to further confuse things, without my doing ANYTHING, all parts of the site come up. No asking for certificate, or anything. I have NO client certificate, valid or not.
Safari still puts the s on http as indicated, but between earlier today and now, at least for the time being, it is working. Somehow, I have the feeling that the college did something - perhaps as a result of your e-mail. If so, thanks!
Reply
User profile for user: Micah Johnson
Micah Johnson
User level: Level 1
15 points

May 18, 2006 10:48 AM in response to Jane Evans

Yes, I had many emails back and forth with the webmaster and other people at Dartmouth yesterday. I'm a graduate student in computer science at Dartmouth, so perhaps that helped too. In any case, it should work now.

If anyone is interested, the problem was that the web server was asking Safari on intel macs for a certificate, Safari was returning a certificate used by iChat AV for encrypted chats, and the web server was rejecting this certificate since it could not verify authenticity. It wasn't a misconfiguration of our browsers or security settings, it was just a situation that the webmaster thought was very unlikely when they decided to make the entire site secure.
Reply

Safari keeps changing a website to "secure"

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up