How to turn off the Safari nanny?

[one1]

Since the last update I have had to deal with this pop up on safari when going to ebay and paypal. Once logging in and once logging out. It's quite annoying over a days time when you log in a few times a day. Any way to disable the nanny?

 

[GGJstudios]

1. Click Show Certificate.
2. Click the triangle icon the the left of "Trust".
3. Choose "Always Trust" from the "When using this certificate:" pop-up menu.
4. Click Continue.
5. Enter an admin name and password if prompted.

 

[one1]

Thank you very much

 

[Detektiv-Pinky]

1. Click Show Certificate.
2. Click the triangle icon the the left of "Trust".
3. Choose "Always Trust" from the "When using this certificate:" pop-up menu.
4. Click Continue.
5. Enter an admin name and password if prompted.

I would not do this!

First of all, Safari would not give you this warning if it could validate the Certificate. Since it can not validate it, this means something is wrong with it.

It is very unlikely that eBay and Paypal have a non-valid Certificate. So this means that either something is wrong with your Root-Certificates in Safari or you are the target of a 'Man-in-the-Middle-Attack', where somebody shows you a spoofed Certificate to trick you into accepting it. Certificates can be easily spoofed with the right toolkit and can look surprisingly real.

If this is the case you hand your eBay- and Paypal password to the attacker, since he can now look into your encrypted traffic.

I would try to store the certificate and mail it to eBay to have it inspected.

 

[Slarti Bartfast]

I would not do this!

First of all, Safari would not give you this warning if it could validate the Certificate. Since it can not validate it, this means something is wrong with it.

It is very unlikely that eBay and Paypal have a non-valid Certificate. So this means that either something is wrong with your Root-Certificates in Safari or you are the target of a 'Man-in-the-Middle-Attack', where somebody shows you a spoofed Certificate to trick you into accepting it. Certificates can be easily spoofed with the right toolkit and can look surprisingly real.

If this is the case you hand your eBay- and Paypal password to the attacker, since he can now look into your encrypted traffic.

I would try to store the certificate and mail it to eBay to have it inspected.

+1 - I have had problems with that error message, but only on sites where the operator couldn't give a **** about mac compatibility (like my last uni)- you should not be bypassing the paypal warning screen or you will be handing your cheque book to some really strange people

 

[one1]

1. Click Show Certificate.
2. Click the triangle icon the the left of "Trust".
3. Choose "Always Trust" from the "When using this certificate:" pop-up menu.
4. Click Continue.
5. Enter an admin name and password if prompted.

Thank you very much

OK, time to take that back. This didn't work for some reason. When I look at the certificate it is set to always trust, yet it still asks for permission to go forward. Any more ideas?

~TIA.

 

[Detektiv-Pinky]

OK, time to take that back. This didn't work for some reason. When I look at the certificate it is set to always trust, yet it still asks for permission to go forward. Any more ideas?

~TIA.

Dunno - is it just the eBay certificates you have problems with, or do you see this behaviour also on other sites that use SSL-encryption? Such as your bank, gmail,...

You probably have to dig a little deeper into Keychain.
First I would go to the site in question and click on the little lock-symbol in the upper right corner in Safari. This will bring up the certificate information for this site. This will give you information on the certificate and trust-chain for this certificate. The top most entry is the Root-Certificate that should be installed in Keychain by default.

In my case eBay uses a VeriSign Certificate that is present in my Keychain.
By clicking on details you can expand the certificate information. This gives you a lot of additional details about who created and signed this certificate.

You can also save the certificate to disk by dragging the certificate icon from here. Post it to this forum for further analysis.

Warning: Do not simply install any certificate in your Keychain without verifying it. Certificates have fingerprints that can be checked - preferably via an alternate connection (such as iPhone). Fingerprints for VeriSign can be found here:
http://www.verisign.com/repository/root.html

Make sure the fingerprint and other certificate information match exactly. Otherwise you can not trust the certificate!
There have been cases where people where scammed with 'valid' certificates for www.paypaI.com instead of www.paypal.com...

 

[one1]

Dunno - is it just the eBay certificates you have problems with, or do you see this behaviour also on other sites that use SSL-encryption? Such as your bank, gmail,...

ONLY ebay and paypal which are the same company and use the same certificates (Verisign).

Just want to make the nanny go away. Not happening so far.

 

[Detektiv-Pinky]

ONLY ebay and paypal which are the same company and use the same certificates (Verisign).

Just want to make the nanny go away. Not happening so far.

Well, the Certificate at the root of the verification tree is not a 'Root'-Certificate. It clearly says 'Intermediate Certificate Authority'.
Apple color codes certificates: Root Certificates have a golden border.

Open up 'Keychain Access' from Applications/Utilities and try to locate your installed Root Certificates from the 'System-Root' keychain.
Here you should find a Root Certificate for 'VeriSign Class 3 Public Primary Certification Authority - G5' (see my attached picture).

Leave the Root Certificates alone and try to locate the 'Non-root' VeriSign Certificate (the one with the blue border). It should be in one of your other keychains/categories.
Locate and simply delete it.

eBay signing should be working again.