Safari (Mac version)

Article Number:01011

This section describes how to add a client certificate to or from Safari for macOS.
On macOS, client certificates are managed in "Keychain Access".
Image of the icon of Keychain Access

For details on using macOS, refer to the Apple support page or manuals.
Apple support page

This section explains the scenario using the client certificate for Client Certificate Authentication (cybozu.com) as an example.

Adding Client Certificate

This section describes how to add a client certificate to Safari for macOS.

  1. Receive a client certificate and client certificate password from your system administrator.
    1. Client certificate for Client Certificate Authentication (cybozu.com):
      If the system administrator allows the client certificate to be downloaded, you can obtain the client certificate and password by yourself.
      For the procedure to obtain a password, confirm Steps 1 and 2 of When Client Certificate Authentication is used.
  2. Double-click the client certificate named "(your login name).pfx".
    Keychain Access starts.
  3. Enter the client certificate password obtained in Step 1 and click OK. Image of entering a password for the client certificate The client certificate is automatically added to "Keychain Access".
  4. On the "Keychain Access" screen, double-click the "(Login name of the user)@(subdomain name).s.cybozu.com" certificate.
    1. If you are using a client certificate for Remote Service:
      Double-click the certificate "[sequence] relay, (remote ID)" or "(friendly name)/(remote ID)/(certificate ID)". Image of the Keychain Access screen
  5. On the screen displayed, click the icon icon to the left of "Trust". Image where the icon to the left of 'Trust' is highlighted
  6. From the "When using this certificate:" dropdown list, select "Always Trust", and then close the screen. Image of selecting 'Always Trust' from the dropdown list
  7. On the password entry screen, enter the administrator name and password for the computer being used, and then click Update Settings. Image of entering the administrator's name and password of the computer When adding the client certificate is successful, a "+" is added to the "Keychain Access" screen icon. Image of indicating that the client certificate was added successfully
  8. Click the client certificate while pressing the Control key, and then select "New Identity Preference". Image where the new identity preference is highlighted
    1. In "Location or Email Address:", enter "https://(subdomain name).s.cybozu.com", and then click Add.
      The subdomain name is included in the certificate name.
      • Example of certificate name:
        (Login name of the user)@(subdomain name).s.cybozu.com
      • If you are using a client certificate for Remote Service:
        Enter "https://remote2.cybozu.co.jp".
        Image of entering a location where certificates are required
  9. Close "Keychain Access".
  10. Start Safari and access the following URL.
    • https://(subdomain name).s.cybozu.com/
      1. If you are using a client certificate for Remote Service:
        You need to enter the Remote Service URL. For the URL to enter, refer to the following page.
        Remote Service Manual: Accessing products using URLs
      If the certificate selection screen is displayed, select the relevant certificate and click Continue. Image of selecting a certificate required for the connection If the confirmation screen is displayed, enter the password for your computer and click Always Allow. Image where the 'Always Allow' button is highlighted After the login screen of your environment is displayed, confirm whether you can access a service or not.

Replacing Client Certificate

Replace an existing client certificate with a new one.

  1. Obtain a new client certificate and its password from your system administrator.
  2. Remove the old client certificate.
    Removing client certificate
  3. Add a new client certificate.
    Adding client certificate

Deleting Client Certificate

This section describes how to delete the client certificate from Safari for macOS.

  1. Open the "Keychain Access" screen.
    Perform one of the operations below.

  2. While pressing the Control key, click on the client certificate to delete "(Login name of the user)@(subdomain name).s.cybozu.com", and then select "Delete "(Login name of the user)@(subdomain name).s.cybozu.com"". Image of selecting a client certificate to delete

  3. Click Delete on the confirmation screen. Image of confirming the deletion of the client certificate

  4. On the password entry screen, enter the administrator name and password for the computer being used, and then click Update Settings. Image of entering the administrator's name and password of the computer

  5. While pressing the Control key, click on the Identity Preference to delete "https://(subdomain name).s.cybozu.com", and then select "Delete "https://(subdomain name).s.cybozu.com"".
    Image of selecting the identity preference to delete

  6. Click Delete on the confirmation screen. Image of confirming the identity preference to delete

  7. While pressing the Control key, click on a secret key "cybozu.com client certificate" to delete, and then select "Delete 'cybozu.com client certificate'". Image of selecting a secret key to delete

  8. Click Delete on the confirmation screen. Image of confirming a secret key to delete Now the client certificate has been deleted.