You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Safari 9 - I cannot install extensions

Hi,


since the update to Safari 9 and OSX 10.11 I cannot install extension from the extension gallery in Safari anymore. I click on an extension and the extension window opens but there is no button that says "install now" or anything like that. I have attached a screenshot showing the extension page. Is anyone else having the same problem?


User uploaded file

MacBook Pro (Retina, 15-inch, Late 2013), OS X Yosemite (10.10)

Posted on Oct 1, 2015 4:53 PM

Reply
86 replies
Sort By: 

Jun 29, 2016 9:19 PM in response to vslavik

THANK YOU!!!


Note that this stale certificate may also be in the "System" keychain (NOT System Roots) and cause this problem.


The root cause of this is a screw-up by Verisign/Symantec a decade ago, creating “VeriSign Class 3 Public Primary Certification Authority - G5” as an intermediate certificate signed by a weaker (1024-bit) root certificate. They "fixed" that error by re-issuing “VeriSign Class 3 Public Primary Certification Authority - G5” as a self-signed root with the same common name, distinguished name, and public key. That way they didn't need to re-issue all their customers' certificates signed with the intermediate. However, the removal of the stale weak root that had signed the original intermediate version from System Roots in El Capitan left the intermediate version as rootless, and it is actually indeterminate whether the system will pick the new root or the old broken intermediate when verifying a signature chain because all of the supposedly unique identifiers are the same. In principle the intermediate (in the login or System keychain) should be used but in testing chain verification in Keychain Access on a machine with both certs I found that sometimes a downstream cert used one path and sometimes it used the other. No theory why...

Reply

Nov 24, 2016 1:28 PM in response to JohnnyFJohnsson

Open Keychain Access application, go to login keychain and remove all the expired certificates in there. Quit Safari and click on the icon of it while holding Shift button. This will launch Safari in safe mode. Go to extensions gallery and "install now" buttons should be there.

Reply

Safari 9 - I cannot install extensions

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.