wainwra
asked on
Trusted Root CAs for Safari?
How can I find out what the trusted root Certificate Authorities are for Safari?
I've been using Verisign for our company's SSL certificates, and have only recently become aware that there are alternatives! I'm trying to find one that supports Safari as well as the usual culprits.
I've been using Verisign for our company's SSL certificates, and have only recently become aware that there are alternatives! I'm trying to find one that supports Safari as well as the usual culprits.
ASKER
Er - my Safari's Edit menu doesn't have a Built-in Certificates option
I following the apple links, and looking at the Mac OS X options, I found a reference to an app called Keychain Access. This seems to store saved passwords, but no certificates. The help didn't find anything for certificates either.
So I've increased the points.
I following the apple links, and looking at the Mac OS X options, I found a reference to an app called Keychain Access. This seems to store saved passwords, but no certificates. The help didn't find anything for certificates either.
So I've increased the points.
I'm swamped today, and this is not my area of expertise; but perhaps you'll find some help in the Mac topic area in the link below
https://www.experts-exchange.com/Operating_Systems/Macintosh/
I'll see if I can post within an active question for one of the top experts there to help here.
Asta
https://www.experts-exchange.com/Operating_Systems/Macintosh/
I'll see if I can post within an active question for one of the top experts there to help here.
Asta
Try these. I'm currently using verisign with safari and mail.app
http://www.macosxhints.com/article.php?story=20030124064421978&query=safari+certificate
http://www.macosxhints.com/article.php?story=20031023144031331&query=safari+certificate
http://www.macosxhints.com/article.php?story=20031028154419136&query=safari+certificate
http://www.macosxhints.com/article.php?story=20030124064421978&query=safari+certificate
http://www.macosxhints.com/article.php?story=20031023144031331&query=safari+certificate
http://www.macosxhints.com/article.php?story=20031028154419136&query=safari+certificate
ASKER
I am STILL struggling to find any answer to this question. And thank you, I've read all the links.
Please don't send me any more links to how to add certificates.
I'm trying to find out WHICH certificates Safari comes with trust for. In other words, what are the trusted root certifcates for Safari.
Increasing points (again).
Please don't send me any more links to how to add certificates.
I'm trying to find out WHICH certificates Safari comes with trust for. In other words, what are the trusted root certifcates for Safari.
Increasing points (again).
Sorry to see that no one has responded to my other request for help in the Macintosh topic area for you; perhaps they still will. Other than what I'm posting now, I'll forego additional input and do hope you achieve your goal.
So far in my research on your behalf, the things I've found state Trusted Authorities such as Verisign or Thwate and others you may choose to accept. Not too helpful.
https://rulink.rutgers.edu:1027/loadca.html
http://a352.g.akamai.net/7/352/51/31a9b430496d80/www.apple.com/macosx/pdf/Security_in_Mac_OS_X.pdf
The best of luck to you on your pursuit.
Asta
So far in my research on your behalf, the things I've found state Trusted Authorities such as Verisign or Thwate and others you may choose to accept. Not too helpful.
https://rulink.rutgers.edu:1027/loadca.html
http://a352.g.akamai.net/7/352/51/31a9b430496d80/www.apple.com/macosx/pdf/Security_in_Mac_OS_X.pdf
The best of luck to you on your pursuit.
Asta
You were trying to find one that supports safari. Verisign does. As far as I know, they ALL support safari. What they produce is just a certificate. That's pretty standard.
ASKER
weed, I'm trying to find an alternative to verisign, so knowing that Verisign works doesn't really help much. Ideally, I'd like to know which of the IE trusted root CAs are also trusted root CAs for Safari.
It really doesn't have anything to do with Safari. A certificate is stored in the keychain, and when requested by a server, presents it.. You should be able to use ANY certificate because it's just a string of information. It doesn't have to be anything special to be stored in the keychain and used. Safari leaves all the storage up to the Keychain. The trick is to use a mainstream certificate authority because the whole point is to have a trusted certificate.
Nothing new added here, nothing new found. Have you gotten what you need? It appears we've exhausted all resources and scoured the Internet, Apple and other sources without any hits more specific than what has been shared here.
We answered this. It's a question where the only real answer was an explanation of how certificates work with Keychain and Safari.
ASKER
Ah - no - sorry the question wasn't answered.
I just wanted a list of the certificates that Safari supports be default (without any user installing anything).
No one was able to answer the question.
Andrew Wainwright
I just wanted a list of the certificates that Safari supports be default (without any user installing anything).
No one was able to answer the question.
Andrew Wainwright
I agree with weed; but would consider PAQ versus deletions, since the information posted is informative and helpful for others with similar goals.
Thanks for your hard work.
Whatever internal supports do exist in Safari is posted within the Safari environment help files as well as the owner links also provided; sorry that you, Andrew, didn't find this of value. If I were in your shoes and wanted more expansive information from the developers of Safari, I'd have posted this request or feedback to them directly. Wish I had more time to have explored this further, but don't. We're here to help if/when and how we can in a totally "volunteer" environment.
Asta
Thanks for your hard work.
Whatever internal supports do exist in Safari is posted within the Safari environment help files as well as the owner links also provided; sorry that you, Andrew, didn't find this of value. If I were in your shoes and wanted more expansive information from the developers of Safari, I'd have posted this request or feedback to them directly. Wish I had more time to have explored this further, but don't. We're here to help if/when and how we can in a totally "volunteer" environment.
Asta
They ALL support Safari. Has nothing to do with safari anyway. Has everything to do with the Keychain. So more appropriately, they ALL support the Keychain. That's THE list.
That's up to you.
Fine by me.
ASKER
I'm sorry - I do have to object.
I have found nowhere any documentation detail the certificates that are supported by users of the Safari browser (assuming that they have not had to do an certificate installation themselves).
With IE and netscape, there is a clear list, but not with Safari.
I understand that certificates go into the keychain, but as I said, i see none in mine ,and yet I can clearly use SSL sites like amazon and ebay without getting warnings that the certificate is not trusted.
It simply isn't TRUE that all certificates are trusted by all browsers - I can make certificates for free that no one else will support, and there are CAs out there that sell cheap solutions which are only a littl ebit better than this.
Astaec says that the answer is in the Safari help files. If so, I can't find it - and HE HASN@T SUPPLIED IT.
In case I'm not being clear - I want to know which certificates I can buy for my website, and know that Safari users will be able to trust them. I was expecting a list along the lines of "Equifax 128bit global root", etc.
Noone here has answered the question.
I strongly object to anyone getting points.
Andrew Wainwright
more than willing to discuss on the phone if required.
I have found nowhere any documentation detail the certificates that are supported by users of the Safari browser (assuming that they have not had to do an certificate installation themselves).
With IE and netscape, there is a clear list, but not with Safari.
I understand that certificates go into the keychain, but as I said, i see none in mine ,and yet I can clearly use SSL sites like amazon and ebay without getting warnings that the certificate is not trusted.
It simply isn't TRUE that all certificates are trusted by all browsers - I can make certificates for free that no one else will support, and there are CAs out there that sell cheap solutions which are only a littl ebit better than this.
Astaec says that the answer is in the Safari help files. If so, I can't find it - and HE HASN@T SUPPLIED IT.
In case I'm not being clear - I want to know which certificates I can buy for my website, and know that Safari users will be able to trust them. I was expecting a list along the lines of "Equifax 128bit global root", etc.
Noone here has answered the question.
I strongly object to anyone getting points.
Andrew Wainwright
more than willing to discuss on the phone if required.
The browser has NOTHING to do with it in this case. It's purely the keychain. And if you can store the cert in a keychain, it's compatible. Any cert can be stored in the keychain so theyre ALL compatible!
ASKER
I'm sure you can put any cert in a keychain.
sigh
I want to know that if I buy a particular SSL certificate for our website, and then a Mac user goes there, that he will be told the site is trusted. - WITHOUT him first having to add anything to the keychain.
sigh
I want to know that if I buy a particular SSL certificate for our website, and then a Mac user goes there, that he will be told the site is trusted. - WITHOUT him first having to add anything to the keychain.
I think you'd have to work pretty hard to find an untrusted cert if any exist. I've been using Macs a long time and have yet to find one that isnt trusted.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
When I keyed in Certificate Authorities for Safari, many results here:
http://kbase.info.apple.com/mainpage
Also quite a bit here:
http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=safari+certificate+authorities