Solved

Trusted Root CAs for Safari?

Posted on 2004-03-22
25
927 Views
Last Modified: 2006-11-17
How can I find out what the trusted root Certificate Authorities are for Safari?

I've been using Verisign for our company's SSL certificates, and have only recently become aware that there are alternatives!  I'm trying to find one that supports Safari as well as the usual culprits.
0
Comment
Question by:wainwra
  • 8
  • 6
  • 6
  • +1
25 Comments
 
LVL 27

Expert Comment

by:Asta Cu
ID: 10654200
Not my area of expertise, but curious if alternatives are listed ... Edit menu and choose Built-in Certificates

When I keyed in Certificate Authorities for Safari, many results here:
http://kbase.info.apple.com/mainpage

Also quite a bit here:
http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=safari+certificate+authorities
0
 

Author Comment

by:wainwra
ID: 10656425
Er - my Safari's Edit menu doesn't have a Built-in Certificates option

I following the apple links, and looking at the Mac OS X options, I found a reference to an app called Keychain Access.  This seems to store saved passwords, but no certificates.  The help didn't find anything for certificates either.

So I've increased the points.
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 10657896
I'm swamped today, and this is not my area of expertise; but perhaps you'll find some help in the Mac topic area in the link below
http://www.experts-exchange.com/Operating_Systems/Macintosh/

I'll see if I can post within an active question for one of the top experts there to help here.

Asta
0
 
LVL 30

Expert Comment

by:weed
ID: 10659763
0
 

Author Comment

by:wainwra
ID: 10703160
I am STILL struggling to find any answer to this question.  And thank you, I've read all the links.

Please don't send me any more links to how to add certificates.

I'm trying to find out WHICH certificates Safari comes with trust for.  In other words, what are the trusted root certifcates for Safari.

Increasing points (again).

0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 10704439
Sorry to see that no one has responded to my other request for help in the Macintosh topic area for you; perhaps they still will.  Other than what I'm posting now, I'll forego additional input and do hope you achieve your goal.  

So far in my research on your behalf, the things I've found state Trusted Authorities such as Verisign or Thwate and others you may choose to accept.  Not too helpful.
https://rulink.rutgers.edu:1027/loadca.html
http://a352.g.akamai.net/7/352/51/31a9b430496d80/www.apple.com/macosx/pdf/Security_in_Mac_OS_X.pdf

The best of luck to you on your pursuit.
Asta
0
 
LVL 30

Expert Comment

by:weed
ID: 10705200
You were trying to find one that supports safari. Verisign does. As far as I know, they ALL support safari. What they produce is just a certificate. That's pretty standard.
0
 

Author Comment

by:wainwra
ID: 10705458
weed, I'm trying to find an alternative to verisign, so knowing that Verisign works doesn't really help much.  Ideally, I'd like to know which of the IE trusted root CAs are also trusted root CAs for Safari.
0
 
LVL 30

Expert Comment

by:weed
ID: 10705616
It really doesn't have anything to do with Safari. A certificate is stored in the keychain, and when requested by a server, presents it.. You should be able to use ANY certificate because it's just a string of information. It doesn't have to be anything special to be stored in the keychain and used. Safari leaves all the storage up to the Keychain. The trick is to use a mainstream certificate authority because the whole point is to have a trusted certificate.
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 10771422
Nothing new added here, nothing new found.  Have you gotten what you need?  It appears we've exhausted all resources and scoured the Internet, Apple and other sources without any hits more specific than what has been shared here.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 30

Expert Comment

by:weed
ID: 11709328
We answered this. It's a question where the only real answer was an explanation of how certificates work with Keychain and Safari.
0
 

Author Comment

by:wainwra
ID: 11724707
Ah - no - sorry the question wasn't answered.

I just wanted a list of the certificates that Safari supports be default (without any user installing anything).

No one  was able to answer the question.

Andrew Wainwright
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 11726256
I agree with weed; but would consider PAQ versus deletions, since the information posted is informative and helpful for others with similar goals.
Thanks for your hard work.

Whatever internal supports do exist in Safari is posted within the Safari environment help files as well as the owner links also provided; sorry that you, Andrew, didn't find this of value.  If I were in your shoes and wanted more expansive information from the developers of Safari, I'd have posted this request or feedback to them directly.  Wish I had more time to have explored this further, but don't.  We're here to help if/when and how we can in a totally "volunteer" environment.

Asta
0
 
LVL 30

Expert Comment

by:weed
ID: 11727675
They ALL support Safari. Has nothing to do with safari anyway. Has everything to do with the Keychain. So more appropriately, they ALL support the Keychain. That's THE list.
0
 
LVL 30

Expert Comment

by:weed
ID: 11763599
That's up to you.
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 11798096
Fine by me.
0
 

Author Comment

by:wainwra
ID: 11808113
I'm sorry - I do have to object.

I have found nowhere any documentation detail the certificates that are supported by users of the Safari browser (assuming that they have not had to do an certificate installation themselves).

With IE and netscape, there is a clear list, but not with Safari.  

I understand that certificates go into the keychain, but as I said, i see none in mine ,and yet I can clearly use SSL sites like amazon and ebay without getting warnings that the certificate is not trusted.

It simply isn't TRUE that all certificates are trusted by all browsers - I can make certificates for free that no one else will support, and there are CAs out there that sell cheap solutions which are only a littl ebit better than this.

Astaec says that the answer is in the Safari help files.  If so, I can't find it - and HE HASN@T SUPPLIED IT.

In case I'm not being clear - I want to know which certificates I can buy for my website, and know that Safari users will be able to trust them.  I was expecting a list along the lines of "Equifax 128bit global root", etc.  

Noone here has answered the question.

I strongly object to anyone getting points.

Andrew Wainwright
more than willing to discuss on the phone if required.

0
 
LVL 30

Expert Comment

by:weed
ID: 11809463
The browser has NOTHING to do with it in this case. It's purely the keychain. And if you can store the cert in a keychain, it's compatible. Any cert can be stored in the keychain so theyre ALL compatible!
0
 

Author Comment

by:wainwra
ID: 11812325
I'm sure you can put any cert in a keychain.
sigh
I want to know that if I buy a particular SSL certificate for our website, and then a Mac user goes there, that he will be told the site is trusted. - WITHOUT him first having to add anything to the keychain.
0
 
LVL 30

Expert Comment

by:weed
ID: 11827447
I think you'd have to work pretty hard to find an untrusted cert if any exist. I've been using Macs a long time and have yet to find one that isnt trusted.
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 11849799
PAQed, with points refunded (250)

modulo
Community Support Moderator
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

Due to recent concerns over the inevitable depletion of the current pool of IPv4 addresses and the desire to provide additional functionality for modern devices, an upgrade to IPv6 on my Internet connection was needed for me to explore the world of …
Bada platform is becoming more and more famous this days and people talking about same. Some friends included those who have bada OS mobile asked me "what is bada?"and "what its features?". That encouraged me to research and write this article. [st…
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now