Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Thawte Freemail certificate "Cannot verify authenticity" ?

Paul Libbrecht wrote:

I am slightly surprised to see that my certificate which is signed by Thawte Certificate Authority is said to be of "cannot verify the authenticity".
Isn't the fact that this certificate is signed by Thawte sufficient to verify the authenticity?

You should confirm that you have the relevant Thawte CA present in your set of trusted certificates.

Open Keychain Access.app.

On the left at the top, if there isn't a list labeled "Keychains", click the "Show Keychains" button at bottom left.

In the Keychains list, confirm that X509Certificates and X509Anchors are present. Then choose each keychain and confirm there is a suitable Thawte certificate in the keychain.


Next in Keychain Access.app, choose "Keychain List" from the Edit menu. A sheet will drop down.

On this sheet, choose Show: User. Then confirm that X509Certificates and X509Anchors are present in the list. They may have a Shared checkbox.

Next, choose Show: Mac OS X (System) and confirm the same thing.

If you don't see these keychains (certificate stores, actually) in the list, then post again. Or consult the builtin Keychain Access Help and see the "Administering keychains ..." topic, the "Solving problems .." topic, and the "Why isn't a certicate being accepted?" topic.


Basically, if Thawte isn't in any keychain (certificate store), or the keychain (certificate store) where Thawte's certificate resides isn't enabled for the user, then none of the certs issued by Thawte can be verified. Because keychains can be managed by the user, you may have disabled something in the past.

Another possibility is that you somehow have an expired Thawte CA cert in your keychain. Use the detailed view of the relevant Thawte CA in the Keychain detail list to confirm validity dates.

If you still can't get it to work, please post the OS and Java version you're using.


I tried accessing your website from a 10.4.9 machine with Java 5, and it did present the Trust/Don't Trust dialog. I used this to view the Thawte root CA and issuing CA info. This was identical to the info in my X509Certificates and X509Anchors keychains.

  -- GG

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Java-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/java-dev/email@hidden

This email sent to email@hidden


Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.