Certificate errors when you use Safari to connect to SharePoint Online 2007

When you try to use Safari on a Macintosh OS X-based computer to connect to Microsoft SharePoint Online 2007, you receive certificate errors that resemble the following:

Certificate error 1

The page requires a valid SSL client certificate

Certificate error 2

The website ‘SITE’‘ requires a client certificate.

This issue occurs because of an update in the Mac OS X operating system that affects how client certificate authentication is handled.

In Mac OS X 10.5.2 and in earlier versions, Safari 3 automatically sends the first available client certificate in the keychain to the website. In Mac OS X 10.5.3 and in later versions, no client certificate is sent until you select the appropriate certificate to use for that site. In that case, you are prompted by Safari to select a client certificate when the server requests client authentication.

After the certificate is selected, the certificate should be retained in the keychain as an “identity preference item.” However, in the current SharePoint Online Standard Service Description, dated August 2010, the listing is displayed as Apple Safari 3 (for Macintosh OS X 10.5). In this case, some users may be confused if they are using OSX 10.5.3 or a later version or if they are using Safari 3.1.1 or a later version. As of February 3, 2011, the most recent version of OS X is 10.6, and the most recent version of Safari is 5.0.3.

To resolve this issue, use one of the following methods:

Important You must use the Microsoft Online Services Sign In for Mac tool to use these methods successfully.

Method 1: Manually specify a client certificate

For information about how to manually specify a client certificate, see the following website:

Method 2: Change which client certificate is used for a particular website

  1. In Applications/Utilities, open Keychain Access, and then find the identity preference item for the SharePoint site. Or, you can click All Items and then type the website name in the search field.
  2. Open the item, and then select a different certificate from the pop-up menu.

Method 3: Correct or change certificate trust settings

  1. You must obtain the root certificate. The root certificate may be displayed in the certificate error message. Therefore, you should be able to drag the root certificate icon to the desktop.
  2. Drag the certificate file onto the Keychain Access icon, or double-click the certificate file.
  3. Select a keychain from the pop-up menu, and then click OK. If you are prompted for credentials, you must use an account that has administrative permissions on the computer.
  4. Select the certificate, click File, and then click Get Info.
  5. Click the Trust Settings disclosure triangle to display the trust policies for the certificate.
  6. To override the trust policies, select new trust settings from the pop-up menus. If you do not know the trust settings, we recommend that you set the trust settings to always trust the certificate.

Method 4: Isolate corrupted Preferences files (plists): Basic

  1. If the user account is corrupted, you may have to create a new administrator account. After you create the new account, you must sign in by using the new account and then make a list of the Preferences files that are located in the /Username/Library/Preferences folder. You must also include any Preference files that are located in the ByHost subfolder.
  2. Sign out, and then sign back on by using the old account. Move everything on the Preference files list from the old account’s Preferences folder into a newly created folder on the desktop.
  3. Sign out, and then sign back in by using the old account. If the problem does not persist, may want to try to copy the items in the newly created desktop folder back into the Preferences folder one at time. You may have to sign out and then sign back in between individual file transfers, because this is the only way to isolate which plist file is corrupted. Continue performing this step until you have isolated all corrupted files.

Method 5: Isolate corrupted Preferences files (plists): Advanced

  1. Sign in by using the new administrator account that you created in Method 4.
  2. Back up the old account’s Preferences folder, and then delete the old account. When you delete the old account, make sure that you select the Save Data option to store a disk image in /Users/Deleted Users.
  3. Re-create the old account by using the same username and password combination.
  4. Sign out, and then sign back in by using the re-created old account.
  5. If the problem persists, follow these steps:
    1. Open the saved data file in /Users/Deleted Users.
    2. Open the /Library/Preferences folder from the saved data image.
    3. Open the current /Users/restored old account /Library/Preferences folder.
    4. Slowly copy the plist files from the saved data folder to the current folder. If it is possible, sign out and then sign back in between file transfers to make sure that there are no conflicts.
For more information about Safari and about issues with secure websites, visit the following website:
For more information about Safari, about Mac OS X 10.5.3, and about changes in client certificate authentication, visit the following website:
For more information about Mac OS X Panther applications and utilities, visit the following website:
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

Read More:
Certificate errors when you use Safari to connect to SharePoint Online 2007

Comments are closed.

Recent Comments

    Archives

    Categories