Reputation: 21
Safari cannot connect to web server via ssl protocol
I wrote my own web server run on tomcat. I also configured it to be able to connect to web server by SSL protocol.
I can connect to link https://[server address]:8443/[WebServer] by Firefox. But when I open the link by Safari, it displays failed page.
Upvotes: 1
Views: 5256
Answers (3)
Reputation: 8169
Make sure your self signed certificate is not expired. For example, open website in Chrome or Firefox and explore certificate details, in particular validity dates.
Upvotes: 0
Reputation: 2623
I think you have a keychain problem in your Safari. No https page works, not just your site. Correct? After some searching I found this that might help you:
Basically you want to recreate your keychain and this seem to be done by removing (Renamning might be clever to save them as backups) your
~/Library/Preferences/com.apple.security.plist
and/or
~/Library/Preferences/com.apple.security.revocation.plist
and try again. You probably need to restart Safari. I am not running Safari myself, but hope it helps.
Upvotes: 3
Reputation: 48057
You're not mentioning what kind of error message you get. I'm assuming that you get a message like "the server is not trusted" - e.g. you most likely use a self-signed certificate on tomcat. Part of SSL is that the server's public key is signed (certified) by a trusted entity, ensuring that the used key actually matches the domain name. This is being used so that you can't easily imitate being a different server if you want to attack its users.
Most likely you have worked around this requirement by signing your key yourself. This means that browsers will deny a connection until you specifically state that you trust the key (otherwise the trusted signature will imply that trust).
How do you know if you're using a self-signed vs. a "trusted" key? If you have passed money to someone in order to sign your key, you might be using a trusted one. If you have not passed money to anyone to sign your key, you're using an untrusted - most likely self-signed - key.
I guess that you earlier manually accepted this key in Firefox and have forgotten about it. I don't know what Safari displays in order to get the key accepted (or if it's configurable to just deny untrusted keys and not ask any question). So from here you'll have to find the way yourself, I hope that the explanations above help you to make sense of the error message you see. It might make sense to add the actual error message to your question.
Upvotes: 0
Related Questions
- Tomcat Doesn't Serve the SSL
- Connection refused after installing SSL certificates into tomcat server
- SSL not working for Tomcat 8
- tomcat can't establish ssl connection
- HTTPS Connection error
- Connecting to web service via Java over SSL works from console but not Tomcat
- SSL with Tomcat 7 at Ubuntu: unable to connect
- tomcat ssl client handshake java error
- SSL Connection from Java client
- Setting up tomcat + ssl failed.. cannot connect to SSL channel?