Safari can't connect to https
Solution 1:
A report on forums.macrumors.com seems to be fairly similar to yours. This happens as well in Safari 5.1 and is very recent.
The solution was to delete:
~/Library/Preferences/com.apple.security.plist
Solution 2:
This just reared its ugly head again, this time with Yosemite. It also affected all of the browsers I commonly use (Firefox, Chrome, Chrome Canary).
I tried to follow the advice here, which involved getting information about the root certificate used by the offending website via the web browser: How to fix: Safari can’t open the page because Safari can’t establish a secure connection
I got no love here, since every browser refused to negotiate a connection far enough to get the name of the certificate issuer. I even tried using open_ssl at the command line, but also it failed:
[foo@bar]$ echo ^d | openssl s_client -connect broken.web.com:443 | tee cert.log
6480:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/ssl/s23_lib.c:185:
CONNECTED(00000003)
Finally, I was able to open the website on an old machine with Internet Explorer version 9, and found the name of the certificate authority: Comodo Certification Authority.
The linked article hinted at the right thing to do, but here's what worked for me:
- Open the Keychain Access app.
- Select "System Roots" keychain.
- Search for the issuing certificate authority (in this case, Comodo).
- View the certificate details (double click, expand the "Trust" area of the view window).
- In my case, the trust rule was: "When using this certificate, ".
- I changed it to "Always Trust", closed Keychain Access (after entering my admin password) and the page loaded.
- Not wanting to leave it in a less secure mode, I used Keychain Access again and switched it back to "Use System Defaults".
- Problem solved, no relaxation of security parameters.
YMMV but it's less drastic than nuking all your tweaks by eliminating the security preferences, nuking all your Safari data, or even re-installing your whole OS, as suggested by some of the links attempting to address this problem.
Update: I had to restart Chrome / Firefox for them to accept the "updated" / reset certificate preferences.
Another Possible Reason: Corporate Proxy or MITM
Just recently had a spate of these, along with failures of certain apps to connect to their servers via the network.
- The symptom: Laptop or iPhone fails to secure a connection sometimes. The above method doesn't work.
- The test: Run the iPhone or laptop using cellular connection or mobile hotspot instead of the suspected WiFi or wired network.
- The result: If the cellular connection works and the non-cellular doesn't, then suspect a man-in-the-middle (MITM) attack, or a corporate proxy that looks like one.
Solution 3:
For me, it was a screwed up HSTS.plist
. Removing that file solved that problem for me for multiple domains:
rm Library/Cookies/HSTS.plist
Then logout and login again (just restarting Safari won't do the job).
About HSTS: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security