Mac OS X 10.4.9 Special Report: Secure site access broken: fixes
Some users are reporting problems with access to secure sites after applying the Mac OS X 10.4.9 update. Potential fixes include replacing the X509Anchors file.
Some users are reporting problems with access to secure sites after applying the Mac OS X 10.4.9 update.
MacFixIt reader Jim K writes:
"I updated 15 Macs at work, both power PC and Intel. Now I have one Intel iMac and one Power PC where Safari won't load any https: sites. I get the error message: Safari can?t open the page ?https://www.xxxxxxxx.net/? because it couldn't establish a secure connection to the server ?www.xxxxxxxx.net?. I have deleted the plist file, reset Safari, cleared the different cache files and reinstalled the proper Combo updater. Nothing works. I also created a new user and tried to go to a secure site and get the same error message."
Fixes for this issue include:
Replace the X509Anchors file It appears that in some cases, the X509Anchors is not properly installed by the Mac OS X 10.4.9 update, and replacing it with a valid copy can resolve issues with secure site access.
In order to do so, there are two options:
1. Copy the X509Anchors file (which is located in /System/Library/Keychains/ from another system running Mac OS X 10.4.9 that is able to access secure sites back to the system running Mac OS X 10.4.9 that isn't able to access secure sites.
2. Extract the X509Anchors file from the Mac OS X 10.4.9 installer package and place it on your startup volume, replacing the damaged copy via the following instructions:
- Download the Mac OS X 10.4.9 combo updater appropriate to your system (from Apple's download page).
- Download and install the shareware application Pacifist
- Drag the Mac OS X 10.4.9 installer package (e.g. MacOSXUpdCombo10.4.9Intel.pkg) onto the Pacifist application icon.
- Click the triangle next to "System" to expand it
- Click the triangle next to "Library" to expand it
- Click the triangle next to "Keychains" to expand it
- Scroll down and find the file X509Anchors. Drag it to your Desktop or another location (you will have to enter your administrator password)
- On your Mac OS X startup drive, navigate to /System/Library/Keychains and locate a similarly named file (X509Anchors). Move it to another location for safe keeping.
- Now drag the file from step 7 (the one that you retrieved from the Mac OS X 10.4.9 combo install package) into the /System/Library/Keychains, in effect replacing the damaged file with a good copy -- you will have to enter an administrator password.
- Restart your Mac
MacFixIt reader Jim K had success with this fix:
Delete .plist Delete the file com.apple.security.revocation.plist from the following directory:
- /Library/Preferences
You can replicate this workaround to some extent without deleting any files by opening Keychain Access (as mentioned above) then navigating to its Preferences (under the Keychain Access menu), clicking on the "Certificates" tab and making sure that both "Online Certificate Status Protocol (OCSP)" and "Certificate Revocation List (CRL)" are turned off. However, some users have found that only deleting the aforementioned file works.
Unfortunately, in some cases, it may be up to certificate providers to update their certification methods for compliance with Apple's new, more stringent security standards.
Temporarily disabling JavaScript JavaScript can be disabled by opening Safari's preferences (under the "Safari" menu) then clicking the "Security" tab and de-selecting the option "Enable JavaScript."Empty cache In other cases, this problem can be solved by simply emptying the cache (Safari menu > Empty Cache). In other cases, the solution is to open Safari's preferences, then click on the Security tab, then "Show cookies" and deleting all cookies.
Delete .plist file Some users have found success with deleting the file com.apple.Safari.plist from ~/Library/Preferences.
Reset Safari Finally, resetting Safari (via the "Reset Safari" command, accessible under the "Safari" menu) can resolve site access/login issues in some cases. Note that this will delete your browser history, cache, cookies, and other stored data.
Double-click login.keychain In some cases, the solution is easy as navigating to ~/Library/Keychains/ (this is the Library folder inside your user home folder), then finding the file named "login.keychain" and double-clicking it.
Index:
- Release notes
- Update procedure recommendation
- Common workarounds for when things go wrong post-update
- Downgrading to Mac OS X 10.4.8 (uninstalling Mac OS X 10.4.9)
- Files modified by this update
- AirPort: Loss of connectivity, card not recognized, more
- Application launch problems
- Bluetooth device issues
- Classic: Will not run, other issues
- Disk images not mounting
- Eject key issues: Longer duration before action takes place
- External optical drives: hardware errors
- Final Cut Pro/Express: Capture issues, performance concerns
- Finder persistently crashes and re-launches
- iSync issues/general synchronization problems
- Mail.app: junk filters not working
- Microsoft Office: Various issues
- Networking problems with Mac OS 9 systems
- Persistent booting into Windows
- Printer problems, fixes
- Problems starting up
- Resolved issues
- Secure site access broken: fixes
- Segmentation faults
- Third-party device issues (Nikon Capture NX, Griffin AirClick, more)
- Update to Final Cut Pro 5.1.4 for best performance
- Volume significantly louder: boon for some, drawback for others
- VPN connectivity issues
- WWAN update included, how to remove
Resources