Safari (Mac version)
This section describes how to add a client certificate to or from Safari for macOS.
On macOS, client certificates are managed in "Keychain Access".
For details on using macOS, refer to the Apple support page or manuals.
Apple support page
This section explains the scenario using the client certificate for Client Certificate Authentication (cybozu.cn) as an example.
Adding Client Certificate
This section describes how to add a client certificate to Safari for macOS.
- Obtain a client certificate and client certificate password from your system administrator.
- Client certificate for Client Certificate Authentication (cybozu.cn):
If the system administrator allows the client certificate to be downloaded, you can obtain the client certificate and password by yourself.
For the procedure to obtain a password, confirm Steps 1 and 2 of When Client Certificate Authentication is used.
- Client certificate for Client Certificate Authentication (cybozu.cn):
- Double-click the client certificate named "(your login name).pfx".
Keychain Access starts. - Enter the client certificate password obtained in Step 1 and click OK. The client certificate is automatically added to "Keychain Access".
- On the "Keychain Access" screen, double-click the "(Login name of the user)@(subdomain name).s.cybozu.cn" certificate.
- On the screen displayed, click the icon to the left of "Trust".
- From the "When using this certificate:" dropdown list, select "Always Trust", and then close the screen.
- On the password entry screen, enter the administrator name and password for the computer being used, and then click Update Settings. When adding the client certificate is successful, a "+" is added to the "Keychain Access" screen icon.
- Click the client certificate while pressing the Control key, and then select "New Identity Preference".
- In "Location or Email Address:", enter "https://(subdomain name).s.cybozu.cn", and then click Add.
The subdomain name is included in the certificate name.- Example of certificate name:
(Login name of the user)@(subdomain name).s.cybozu.cn
- Example of certificate name:
- In "Location or Email Address:", enter "https://(subdomain name).s.cybozu.cn", and then click Add.
- Close "Keychain Access".
- Start Safari and access the following URL.
- https://(subdomain name).s.cybozu.cn/ If the certificate selection screen is displayed, select the relevant certificate and click Continue. If the confirmation screen is displayed, enter the password for your computer and click Always Allow. After the login screen of your environment is displayed, confirm whether you can access a service or not.
Replacing Client Certificate
Replace an existing client certificate with a new one.
- Obtain a new client certificate and its password from your system administrator.
- Delete the old client certificate.
Deleting client certificate - Add a new client certificate.
Adding client certificate
Deleting Client Certificate
This section describes how to delete the client certificate from Safari for macOS.
-
Open the "Keychain Access" screen.
Perform one of the operations below.- Click
in the Dock.
Apple Help: Use the Dock on Mac - Click
on the Dock, and then search for "Keychain Access".
Apple Help: Use Launchpad to view and open apps on Mac
- Click
in the Dock.
-
While pressing the Control key, click on the client certificate to delete "(Login name of the user)@(subdomain name).s.cybozu.cn", and then select "Delete "(Login name of the user)@(subdomain name).s.cybozu.cn"".
-
Click Delete on the confirmation screen.
-
On the password entry screen, enter the administrator name and password for the computer being used, and then click Update Settings.
-
While pressing the Control key, click on the Identity Preference to delete "https://(subdomain name).s.cybozu.cn", and then select "Delete "https://(subdomain name).s.cybozu.cn"".
-
Click Delete on the confirmation screen.
-
While pressing the Control key, click on a secret key "cybozu.cn client certificate" to delete, and then select "Delete 'cybozu.cn client certificate'".
-
Click Delete on the confirmation screen. Now the client certificate has been deleted.