3 Replies Latest reply: Sep 19, 2013 7:12 AM by MrHoffman
shyam chiluka Level 1 (0 points)

I am unable to login to URL it is saying client certificate authentication required.


Please help me .


Also I receive my emails of our company but I cant send using company server to send emails .


Please help.





MacBook Air, iOS 6.1.4, recently purchased mac air
  • MrHoffman Level 6 (14,849 points)

    There are what appear to be three separate questions here.  About OS X client certificates, about iOS client certificates, and a request for assistance with Apple Mail SMTP access.  While Mail.app can use certificates, I'm going to guess that part of the question isn't related to certificates...


    For the first, I'll assume Safari 6 on a recent OS X release (eg: 10.7, 10.8), and that you're getting this sheet within Safari (dropdown triggered from a web site that needs client certificates):




    For the web access, Apple's documentation encourages you to please check with your IT folks, as it would appear that your organization uses personal certificate — a personally-identifying digital certificate, sometimes also called a client certificate — for web authentication.   This usually involves a sequence to acquire and load both the root certificate for the organization, as well as the personal or client certificate used to identify you personally.  Details here can and do vary by organization.


    This usually involves downloading and verifying the root certificate and the certificate fingerprint and then loading the organization's root certificate into Keychain (and usually) into the local keychain (you probably don't want to expose these certs to all local users), then following the organization's process for acquiring and signing a personal certificate — there are site-specific tools that perform this sequence within a number of organizations.  In general, you generate a certificate-signing request locally, then the organization signs it for you.  Alternatively, some organizations generate and download both the private and the public keys for you.  Your IT folks should (will?) know details of the specific local sequence.


    On the second question (iOS personal certificates), that's probably going to be a client certificate your IT organization provides to you, or possibly a local App or web site that helps you generate that certificate.  Again, the details vary by organization.  Check with your IT organization.


    If your IT organization doesn't know how to do this certificate creation and installation (for Safari on OS X and for Safari on iOS), then you're going to be reading and translating whatever instructions exist for the supported platform(s) into those necessary for OS X and iOS.  (I'll see if I can create and post a fairly generic set of documentation for OS X Server and OS X and iOS, but that'll not happen in your timeframe, and that'll inherently not include whatever organization-specific certificate details your IT organization will expect and need.)


    On to the third question...  And I would strongly encourage posting the mail issue as a separate and new question if the following doesn't answer this, as this question is very probably a set-up issue with the SMTP server configuration in your mail client and unrelated to how Safari on OS X and Safari on iOS deals with client certificates...


    To troubleshoot the SMTP settings issue in this thread (please: posting multiple questions together just confuses discussions, and definitely tends to confuse me as the threads inevitably get more complex and as more folks get involved), open Mail.app > Window > Connection Doctor in mail, and then Show Details and re-run the test.  Almost certainly, the username or password, the port, the SSL/TLS setting, or the server name is incorrect.  Connection Doctor might get you more details.  But all of these settings are specific to your organization, and specific to the SMTP send path.  The receive path — POP or IMAP — is apparently correct.  To get to the SMTP server send path in Mail.app, select the account in preferences and use the Edit Servers popup button.

  • Linc Davis Level 10 (192,848 points)

    Try another browser, such as Firefox.

  • MrHoffman Level 6 (14,849 points)

    If you do decide to try Firefox, remember that Firefox has its own local certificate store for client certificates (sharing that same local storage with the far more commonly discussed SSL/TLS root certificates), where Safari stores its client and root certificates in Keychain.  Put another way, to get both browsers working with the client cert(s) apparently in use here, you'll have to load those certs into both places.