Trusted Root CAs for Safari?

How can I find out what the trusted root Certificate Authorities are for Safari?

I've been using Verisign for our company's SSL certificates, and have only recently become aware that there are alternatives!  I'm trying to find one that supports Safari as well as the usual culprits.
wainwraAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
moduloConnect With a Mentor Commented:
PAQed, with points refunded (250)

modulo
Community Support Moderator
0
 
Asta CuCommented:
Not my area of expertise, but curious if alternatives are listed ... Edit menu and choose Built-in Certificates

When I keyed in Certificate Authorities for Safari, many results here:
http://kbase.info.apple.com/mainpage

Also quite a bit here:
http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=safari+certificate+authorities
0
 
wainwraAuthor Commented:
Er - my Safari's Edit menu doesn't have a Built-in Certificates option

I following the apple links, and looking at the Mac OS X options, I found a reference to an app called Keychain Access.  This seems to store saved passwords, but no certificates.  The help didn't find anything for certificates either.

So I've increased the points.
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Asta CuCommented:
I'm swamped today, and this is not my area of expertise; but perhaps you'll find some help in the Mac topic area in the link below
http://www.experts-exchange.com/Operating_Systems/Macintosh/

I'll see if I can post within an active question for one of the top experts there to help here.

Asta
0
 
wainwraAuthor Commented:
I am STILL struggling to find any answer to this question.  And thank you, I've read all the links.

Please don't send me any more links to how to add certificates.

I'm trying to find out WHICH certificates Safari comes with trust for.  In other words, what are the trusted root certifcates for Safari.

Increasing points (again).

0
 
Asta CuCommented:
Sorry to see that no one has responded to my other request for help in the Macintosh topic area for you; perhaps they still will.  Other than what I'm posting now, I'll forego additional input and do hope you achieve your goal.  

So far in my research on your behalf, the things I've found state Trusted Authorities such as Verisign or Thwate and others you may choose to accept.  Not too helpful.
https://rulink.rutgers.edu:1027/loadca.html
http://a352.g.akamai.net/7/352/51/31a9b430496d80/www.apple.com/macosx/pdf/Security_in_Mac_OS_X.pdf

The best of luck to you on your pursuit.
Asta
0
 
weedCommented:
You were trying to find one that supports safari. Verisign does. As far as I know, they ALL support safari. What they produce is just a certificate. That's pretty standard.
0
 
wainwraAuthor Commented:
weed, I'm trying to find an alternative to verisign, so knowing that Verisign works doesn't really help much.  Ideally, I'd like to know which of the IE trusted root CAs are also trusted root CAs for Safari.
0
 
weedCommented:
It really doesn't have anything to do with Safari. A certificate is stored in the keychain, and when requested by a server, presents it.. You should be able to use ANY certificate because it's just a string of information. It doesn't have to be anything special to be stored in the keychain and used. Safari leaves all the storage up to the Keychain. The trick is to use a mainstream certificate authority because the whole point is to have a trusted certificate.
0
 
Asta CuCommented:
Nothing new added here, nothing new found.  Have you gotten what you need?  It appears we've exhausted all resources and scoured the Internet, Apple and other sources without any hits more specific than what has been shared here.
0
 
weedCommented:
We answered this. It's a question where the only real answer was an explanation of how certificates work with Keychain and Safari.
0
 
wainwraAuthor Commented:
Ah - no - sorry the question wasn't answered.

I just wanted a list of the certificates that Safari supports be default (without any user installing anything).

No one  was able to answer the question.

Andrew Wainwright
0
 
Asta CuCommented:
I agree with weed; but would consider PAQ versus deletions, since the information posted is informative and helpful for others with similar goals.
Thanks for your hard work.

Whatever internal supports do exist in Safari is posted within the Safari environment help files as well as the owner links also provided; sorry that you, Andrew, didn't find this of value.  If I were in your shoes and wanted more expansive information from the developers of Safari, I'd have posted this request or feedback to them directly.  Wish I had more time to have explored this further, but don't.  We're here to help if/when and how we can in a totally "volunteer" environment.

Asta
0
 
weedCommented:
They ALL support Safari. Has nothing to do with safari anyway. Has everything to do with the Keychain. So more appropriately, they ALL support the Keychain. That's THE list.
0
 
weedCommented:
That's up to you.
0
 
Asta CuCommented:
Fine by me.
0
 
wainwraAuthor Commented:
I'm sorry - I do have to object.

I have found nowhere any documentation detail the certificates that are supported by users of the Safari browser (assuming that they have not had to do an certificate installation themselves).

With IE and netscape, there is a clear list, but not with Safari.  

I understand that certificates go into the keychain, but as I said, i see none in mine ,and yet I can clearly use SSL sites like amazon and ebay without getting warnings that the certificate is not trusted.

It simply isn't TRUE that all certificates are trusted by all browsers - I can make certificates for free that no one else will support, and there are CAs out there that sell cheap solutions which are only a littl ebit better than this.

Astaec says that the answer is in the Safari help files.  If so, I can't find it - and HE HASN@T SUPPLIED IT.

In case I'm not being clear - I want to know which certificates I can buy for my website, and know that Safari users will be able to trust them.  I was expecting a list along the lines of "Equifax 128bit global root", etc.  

Noone here has answered the question.

I strongly object to anyone getting points.

Andrew Wainwright
more than willing to discuss on the phone if required.

0
 
weedCommented:
The browser has NOTHING to do with it in this case. It's purely the keychain. And if you can store the cert in a keychain, it's compatible. Any cert can be stored in the keychain so theyre ALL compatible!
0
 
wainwraAuthor Commented:
I'm sure you can put any cert in a keychain.
sigh
I want to know that if I buy a particular SSL certificate for our website, and then a Mac user goes there, that he will be told the site is trusted. - WITHOUT him first having to add anything to the keychain.
0
 
weedCommented:
I think you'd have to work pretty hard to find an untrusted cert if any exist. I've been using Macs a long time and have yet to find one that isnt trusted.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.