Safari can't connect to https

keychain http certificate ssl safari

Solution 1:

A report on forums.macrumors.com seems to be fairly similar to yours. This happens as well in Safari 5.1 and is very recent.

The solution was to delete:

~/Library/Preferences/com.apple.security.plist

Solution 2:

This just reared its ugly head again, this time with Yosemite. It also affected all of the browsers I commonly use (Firefox, Chrome, Chrome Canary).

I tried to follow the advice here, which involved getting information about the root certificate used by the offending website via the web browser: How to fix: Safari can’t open the page because Safari can’t establish a secure connection

I got no love here, since every browser refused to negotiate a connection far enough to get the name of the certificate issuer. I even tried using open_ssl at the command line, but also it failed:

    [foo@bar]$ echo ^d | openssl s_client -connect broken.web.com:443 | tee cert.log
6480:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/ssl/s23_lib.c:185:
CONNECTED(00000003)

Finally, I was able to open the website on an old machine with Internet Explorer version 9, and found the name of the certificate authority: Comodo Certification Authority.

The linked article hinted at the right thing to do, but here's what worked for me:

  • Open the Keychain Access app.
  • Select "System Roots" keychain.
  • Search for the issuing certificate authority (in this case, Comodo).
  • View the certificate details (double click, expand the "Trust" area of the view window).
  • In my case, the trust rule was: "When using this certificate, ".
  • I changed it to "Always Trust", closed Keychain Access (after entering my admin password) and the page loaded.
  • Not wanting to leave it in a less secure mode, I used Keychain Access again and switched it back to "Use System Defaults".
  • Problem solved, no relaxation of security parameters.

YMMV but it's less drastic than nuking all your tweaks by eliminating the security preferences, nuking all your Safari data, or even re-installing your whole OS, as suggested by some of the links attempting to address this problem.

Update: I had to restart Chrome / Firefox for them to accept the "updated" / reset certificate preferences.

Another Possible Reason: Corporate Proxy or MITM

Just recently had a spate of these, along with failures of certain apps to connect to their servers via the network.

  • The symptom: Laptop or iPhone fails to secure a connection sometimes. The above method doesn't work.
  • The test: Run the iPhone or laptop using cellular connection or mobile hotspot instead of the suspected WiFi or wired network.
  • The result: If the cellular connection works and the non-cellular doesn't, then suspect a man-in-the-middle (MITM) attack, or a corporate proxy that looks like one.

Solution 3:

For me, it was a screwed up HSTS.plist. Removing that file solved that problem for me for multiple domains:

rm Library/Cookies/HSTS.plist

Then logout and login again (just restarting Safari won't do the job).

About HSTS: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

Related

How to make a duplicate of a photo on iPhone before I crop or edit it?
How can I edit my cookies in Safari Web Inspector?
Unable to verify account name or password despite using correct details
Opening .msg file in Outlook for Mac 2011
Menu bar turns red on secondary screen
How do I get my user directory working for web sharing again?
What does a red check mark on the OS X login screen indicate?
MBP SSD upgrade - which settings to change?
Random Restarts with "Sleep Wake Failure" error on Mavericks
Is it possible to have bash escape spaces in pwd?
Is there anything like the clipboard manager Ditto for Mac?
Add a Google account to macOS 10.14.6 running Safari 13.0?