Safari can’t establish a secure connection to the server

Question

I realize there is another question with the same title, but my situation is very different.

The problem started on three of my computers after upgrading from Leopard to Snow Leopard.
I can login to gmail and facebook using https with no problem.
I can not login to https://identi.ca/main/login or https://seminars.wolfram.com/ or https://panopticlick.eff.org with Safari, works fine with Firefox.
Already tried "Safari Reset..."

Any ideas?

Using Firefox, I have just discovered that both problematic sites use certificates issued by Comodo — gdelfino, Jan 25 '10 at 14:22
Related: [Why won't OS X trust GitHub's SSL certificate?](http://superuser.com/questions/605900/why-wont-os-x-trust-githubs-ssl-certificate) and [HTTPS certificates invalid on Safari, Chrome on specific user account](http://superuser.com/questions/788082/https-certificates-invalid-on-safari-chrome-on-specific-user-account). — Arjan, Aug 17 '14 at 21:36

score 3 · Answer 1 · answered Nov 27 '09 at 13:51

3

I had this problem as well. Adding new root authority certificates from Thawte fixed the problem. Apple has documentation on how to do this here http://docs.info.apple.com/article.h...en/mh2046.html

I added the root and server certificates that I downloaded from here http://www.thawte.com/roots

answered Nov 27 '09 at 13:51

admintech

Thanks. Did you have to go through all the 8 directories and 14 subrectories double clicking on every .cer and .pem file? Did you add them to your login keychain or to the system keychain? – gdelfino Nov 27 '09 at 18:27
1

There are dozens of certificates in that download. Which one do I need? – gdelfino Jan 25 '10 at 14:02

gdelfino · Accepted Answer · 2015-12-03T22:30:00.250

1

I have just solved this problem by following this procedure published by phurd99 in the Apple Support Forums:

(...)

This solves the problem but you are left without you precious keychain (a backup is saved).

Then, using the backup and trial and error I discovered that by deleting one specific certificate, the problem is solved:

UNT-USERFirst-Hardware
Intermediate certificate authority
Note: This certificate is signed by an untrusted issuer

edited Dec 03 '15 at 22:30

answered Mar 12 '10 at 01:39

gdelfino

1

[+1] Searching for UNT-USERFirst-Hardware revealed 2 such certificates on my machine. One indeed was noted as signed by an untrusted issuer. So I just deleted this certificate and my HTTPS problems with Safari were gone! I couldn't use MobileMe on my MBA because of this. Thank you very much! – Marc Dec 12 '10 at 21:12

2 Answers2