Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Question:

Question: Ignore SSL Certificate (The page requires a valid ssl client certificate)

With Safari you can run into problems with websites requesting a SSL certicate, but not requiring one.

You are likely to run into this error: "The page requires a valid ssl client certificate".

In my case I had this issue when accessing the SAP community website.

Check out this link and if you're lucky you wil be able to access it, if not you ran into the same problem as me. 😉


SAP says this about the error:

This is due to a bug in how SSL is handled by the browser.

In our SSL configuration, the client certificate authentication can be configured for "request", "require" or "ignore".

"Request" means that a certificate will be requested from the client, but it is not mandatory.

"Require" means that a certificate is mandatory.


But in fact Safari handles this correctly, however it is missing a feature called "Ignore this request for this website".

Does anyone have any idea on how to fix this????




This is what happens:

Safari receives a "certificate request" from a webserver and as a result it will look into it's certificate store to see if it has any certificates. If it does, it will ask you to select a certificate. But none of the certificates is valid for the site, so you will need to click on "cancel". However if you don't have any certificates installed then Safari won't ask you for a certificate and as a result you won't have a problem.



That was the basics, but now the problems:.

  1. The first time you entered a site which requests a certificate you've likely selected a certificate.
    As a result this selection is stored in the keychain as an "Identity preference".
    Because the selected certificate is invalid, you must remove it from the keychain or else you will keep getting certificate error when you try to access the SAP site.
    (You can google on how to do this)
  2. You have a certificate and because of this Safari prompts you to select one.
    You will have to click CANCEL on every request you will receive or else you'll run into the problem descibed above.
    It's very annoying because website like the SAP website will request for certificates many times while browsing their site.
    Sadly the Apple keychain/security is missing the feature: "Ignore this request for this website" which would fix this issue.
    If the only certificate you have is that of your Apple ID, then I guess you could safely remove it.
    I did too and did not have any adverse effects. Perhaps some people will go mad when I say this?!?!
    So if you choose to remove it, do so on your own risk.
    However, If like me you have other certificates that cannot be removed; you are screwed.😢
    You will have to wait for Apple to build some kind of solution and meanwhile keep clicking on CANCEL. CANCEL, CANCEL, CANCEL, ......


I hope this post is helpful to all of you MAC based Safari fans, and off course I hope someone offers a good solution..

MacBook Pro (15-inch Mid 2009), Mac OS X (10.7.5), Running Safari 6.0.5

Posted on

Reply

Page content loaded

Sep 25, 2014 3:29 AM in response to mrquery In response to mrquery

We experience it as soon as we enable iCloud. Then an apple certificate is automatically added to the keychain and used for every https-access. Deleting the certificate com.apple.idms.appleid.prd... will do as a workaround but the certificate continues to be added to the keyChain from time to time or if you start over deactivating iCloud and then activate back.


Is this still a bug in Safari? Rosario

Sep 25, 2014 3:29 AM

Reply Helpful

Oct 6, 2014 6:57 AM in response to mrquery In response to mrquery

We have been running into this as well since 10.7 or 10.8. We just have to require that everyone uses Chrome until Apple fixes this. A fix looks unlikely though considering how many years this has been an known bug for though.

Oct 6, 2014 6:57 AM

Reply Helpful
User profile for user: mrquery

Question: Ignore SSL Certificate (The page requires a valid ssl client certificate)