We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Trusted Root CAs for Safari?

wainwra
wainwra asked
on
Medium Priority
1,024 Views
Last Modified: 2006-11-17
How can I find out what the trusted root Certificate Authorities are for Safari?

I've been using Verisign for our company's SSL certificates, and have only recently become aware that there are alternatives!  I'm trying to find one that supports Safari as well as the usual culprits.
Comment
Watch Question

Asta CuTechnical consultant & graphic design
CERTIFIED EXPERT
Top Expert 2004

Commented:
Not my area of expertise, but curious if alternatives are listed ... Edit menu and choose Built-in Certificates

When I keyed in Certificate Authorities for Safari, many results here:
http://kbase.info.apple.com/mainpage

Also quite a bit here:
http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=safari+certificate+authorities

Author

Commented:
Er - my Safari's Edit menu doesn't have a Built-in Certificates option

I following the apple links, and looking at the Mac OS X options, I found a reference to an app called Keychain Access.  This seems to store saved passwords, but no certificates.  The help didn't find anything for certificates either.

So I've increased the points.
Asta CuTechnical consultant & graphic design
CERTIFIED EXPERT
Top Expert 2004

Commented:
I'm swamped today, and this is not my area of expertise; but perhaps you'll find some help in the Mac topic area in the link below
https://www.experts-exchange.com/Operating_Systems/Macintosh/

I'll see if I can post within an active question for one of the top experts there to help here.

Asta

Author

Commented:
I am STILL struggling to find any answer to this question.  And thank you, I've read all the links.

Please don't send me any more links to how to add certificates.

I'm trying to find out WHICH certificates Safari comes with trust for.  In other words, what are the trusted root certifcates for Safari.

Increasing points (again).

Asta CuTechnical consultant & graphic design
CERTIFIED EXPERT
Top Expert 2004

Commented:
Sorry to see that no one has responded to my other request for help in the Macintosh topic area for you; perhaps they still will.  Other than what I'm posting now, I'll forego additional input and do hope you achieve your goal.  

So far in my research on your behalf, the things I've found state Trusted Authorities such as Verisign or Thwate and others you may choose to accept.  Not too helpful.
https://rulink.rutgers.edu:1027/loadca.html
http://a352.g.akamai.net/7/352/51/31a9b430496d80/www.apple.com/macosx/pdf/Security_in_Mac_OS_X.pdf

The best of luck to you on your pursuit.
Asta

Commented:
You were trying to find one that supports safari. Verisign does. As far as I know, they ALL support safari. What they produce is just a certificate. That's pretty standard.

Author

Commented:
weed, I'm trying to find an alternative to verisign, so knowing that Verisign works doesn't really help much.  Ideally, I'd like to know which of the IE trusted root CAs are also trusted root CAs for Safari.

Commented:
It really doesn't have anything to do with Safari. A certificate is stored in the keychain, and when requested by a server, presents it.. You should be able to use ANY certificate because it's just a string of information. It doesn't have to be anything special to be stored in the keychain and used. Safari leaves all the storage up to the Keychain. The trick is to use a mainstream certificate authority because the whole point is to have a trusted certificate.
Asta CuTechnical consultant & graphic design
CERTIFIED EXPERT
Top Expert 2004

Commented:
Nothing new added here, nothing new found.  Have you gotten what you need?  It appears we've exhausted all resources and scoured the Internet, Apple and other sources without any hits more specific than what has been shared here.

Commented:
We answered this. It's a question where the only real answer was an explanation of how certificates work with Keychain and Safari.

Author

Commented:
Ah - no - sorry the question wasn't answered.

I just wanted a list of the certificates that Safari supports be default (without any user installing anything).

No one  was able to answer the question.

Andrew Wainwright
Asta CuTechnical consultant & graphic design
CERTIFIED EXPERT
Top Expert 2004

Commented:
I agree with weed; but would consider PAQ versus deletions, since the information posted is informative and helpful for others with similar goals.
Thanks for your hard work.

Whatever internal supports do exist in Safari is posted within the Safari environment help files as well as the owner links also provided; sorry that you, Andrew, didn't find this of value.  If I were in your shoes and wanted more expansive information from the developers of Safari, I'd have posted this request or feedback to them directly.  Wish I had more time to have explored this further, but don't.  We're here to help if/when and how we can in a totally "volunteer" environment.

Asta

Commented:
They ALL support Safari. Has nothing to do with safari anyway. Has everything to do with the Keychain. So more appropriately, they ALL support the Keychain. That's THE list.

Commented:
That's up to you.
Asta CuTechnical consultant & graphic design
CERTIFIED EXPERT
Top Expert 2004

Commented:
Fine by me.

Author

Commented:
I'm sorry - I do have to object.

I have found nowhere any documentation detail the certificates that are supported by users of the Safari browser (assuming that they have not had to do an certificate installation themselves).

With IE and netscape, there is a clear list, but not with Safari.  

I understand that certificates go into the keychain, but as I said, i see none in mine ,and yet I can clearly use SSL sites like amazon and ebay without getting warnings that the certificate is not trusted.

It simply isn't TRUE that all certificates are trusted by all browsers - I can make certificates for free that no one else will support, and there are CAs out there that sell cheap solutions which are only a littl ebit better than this.

Astaec says that the answer is in the Safari help files.  If so, I can't find it - and HE HASN@T SUPPLIED IT.

In case I'm not being clear - I want to know which certificates I can buy for my website, and know that Safari users will be able to trust them.  I was expecting a list along the lines of "Equifax 128bit global root", etc.  

Noone here has answered the question.

I strongly object to anyone getting points.

Andrew Wainwright
more than willing to discuss on the phone if required.

Commented:
The browser has NOTHING to do with it in this case. It's purely the keychain. And if you can store the cert in a keychain, it's compatible. Any cert can be stored in the keychain so theyre ALL compatible!

Author

Commented:
I'm sure you can put any cert in a keychain.
sigh
I want to know that if I buy a particular SSL certificate for our website, and then a Mac user goes there, that he will be told the site is trusted. - WITHOUT him first having to add anything to the keychain.

Commented:
I think you'd have to work pretty hard to find an untrusted cert if any exist. I've been using Macs a long time and have yet to find one that isnt trusted.
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.