How to turn off the Safari nanny?

one1

macrumors 65816
Original poster
Jun 17, 2007
1,146
25
Chattanooga, TN
Since the last update I have had to deal with this pop up on safari when going to ebay and paypal. Once logging in and once logging out. It's quite annoying over a days time when you log in a few times a day. Any way to disable the nanny?
 

Attachments

GGJstudios

macrumors Westmere
May 16, 2008
44,427
762
  1. Click Show Certificate.
  2. Click the triangle icon the the left of "Trust".
  3. Choose "Always Trust" from the "When using this certificate:" pop-up menu.
  4. Click Continue.
  5. Enter an admin name and password if prompted.
 

Detektiv-Pinky

macrumors 6502a
Feb 25, 2006
809
141
Berlin, Germany
  1. Click Show Certificate.
  2. Click the triangle icon the the left of "Trust".
  3. Choose "Always Trust" from the "When using this certificate:" pop-up menu.
  4. Click Continue.
  5. Enter an admin name and password if prompted.
I would not do this!

First of all, Safari would not give you this warning if it could validate the Certificate. Since it can not validate it, this means something is wrong with it.

It is very unlikely that eBay and Paypal have a non-valid Certificate. So this means that either something is wrong with your Root-Certificates in Safari or you are the target of a 'Man-in-the-Middle-Attack', where somebody shows you a spoofed Certificate to trick you into accepting it. Certificates can be easily spoofed with the right toolkit and can look surprisingly real.

If this is the case you hand your eBay- and Paypal password to the attacker, since he can now look into your encrypted traffic.

I would try to store the certificate and mail it to eBay to have it inspected.
 

Slarti Bartfast

macrumors member
Oct 19, 2009
53
0
I would not do this!

First of all, Safari would not give you this warning if it could validate the Certificate. Since it can not validate it, this means something is wrong with it.

It is very unlikely that eBay and Paypal have a non-valid Certificate. So this means that either something is wrong with your Root-Certificates in Safari or you are the target of a 'Man-in-the-Middle-Attack', where somebody shows you a spoofed Certificate to trick you into accepting it. Certificates can be easily spoofed with the right toolkit and can look surprisingly real.

If this is the case you hand your eBay- and Paypal password to the attacker, since he can now look into your encrypted traffic.

I would try to store the certificate and mail it to eBay to have it inspected.

+1 - I have had problems with that error message, but only on sites where the operator couldn't give a **** about mac compatibility (like my last uni)- you should not be bypassing the paypal warning screen or you will be handing your cheque book to some really strange people
 

one1

macrumors 65816
Original poster
Jun 17, 2007
1,146
25
Chattanooga, TN
  1. Click Show Certificate.
  2. Click the triangle icon the the left of "Trust".
  3. Choose "Always Trust" from the "When using this certificate:" pop-up menu.
  4. Click Continue.
  5. Enter an admin name and password if prompted.
Thank you very much :)
OK, time to take that back. This didn't work for some reason. When I look at the certificate it is set to always trust, yet it still asks for permission to go forward. Any more ideas?

~TIA.
 

Detektiv-Pinky

macrumors 6502a
Feb 25, 2006
809
141
Berlin, Germany
OK, time to take that back. This didn't work for some reason. When I look at the certificate it is set to always trust, yet it still asks for permission to go forward. Any more ideas?

~TIA.
Dunno - is it just the eBay certificates you have problems with, or do you see this behaviour also on other sites that use SSL-encryption? Such as your bank, gmail,...

You probably have to dig a little deeper into Keychain.
First I would go to the site in question and click on the little lock-symbol in the upper right corner in Safari. This will bring up the certificate information for this site. This will give you information on the certificate and trust-chain for this certificate. The top most entry is the Root-Certificate that should be installed in Keychain by default.

In my case eBay uses a VeriSign Certificate that is present in my Keychain.
By clicking on details you can expand the certificate information. This gives you a lot of additional details about who created and signed this certificate.

You can also save the certificate to disk by dragging the certificate icon from here. Post it to this forum for further analysis.

Warning: Do not simply install any certificate in your Keychain without verifying it. Certificates have fingerprints that can be checked - preferably via an alternate connection (such as iPhone). Fingerprints for VeriSign can be found here:
http://www.verisign.com/repository/root.html

Make sure the fingerprint and other certificate information match exactly. Otherwise you can not trust the certificate!
There have been cases where people where scammed with 'valid' certificates for www.paypaI.com instead of www.paypal.com...
 

Attachments

one1

macrumors 65816
Original poster
Jun 17, 2007
1,146
25
Chattanooga, TN
Dunno - is it just the eBay certificates you have problems with, or do you see this behaviour also on other sites that use SSL-encryption? Such as your bank, gmail,...
ONLY ebay and paypal which are the same company and use the same certificates (Verisign).

Just want to make the nanny go away. Not happening so far.
 

Attachments

Detektiv-Pinky

macrumors 6502a
Feb 25, 2006
809
141
Berlin, Germany
ONLY ebay and paypal which are the same company and use the same certificates (Verisign).

Just want to make the nanny go away. Not happening so far.
Well, the Certificate at the root of the verification tree is not a 'Root'-Certificate. It clearly says 'Intermediate Certificate Authority'.
Apple color codes certificates: Root Certificates have a golden border.

Open up 'Keychain Access' from Applications/Utilities and try to locate your installed Root Certificates from the 'System-Root' keychain.
Here you should find a Root Certificate for 'VeriSign Class 3 Public Primary Certification Authority - G5' (see my attached picture).

Leave the Root Certificates alone and try to locate the 'Non-root' VeriSign Certificate (the one with the blue border). It should be in one of your other keychains/categories.
Locate and simply delete it.

eBay signing should be working again.
 

Attachments

Register on MacRumors! This sidebar will go away, and you'll see fewer ads.