3 Replies Latest reply: Jul 2, 2011 3:36 PM by SilverSmithy
SilverSmithy Level 1 (0 points)



I am using Safari (5.0.5 build 7533.21.1) on Windows (Vista Ultimate SP2) running IIS 6.0 (Build 6002, SP2) in order to test sites locally on my machine. They must be accessible via SSL.


I have created a self-certificate using the IIS tool SelfSSL (public key is 1024-bit RSA). I have successfully accessed the sites with IE, Firefox, Opera and Chrome but Safari presents me with a window entitled "Select Certificate" and offers only two unrelated certificates (both for the logged on computer user, not the site).


Obviously, selecting either of those leads to an error because they are not the correct certificates.


The certificate is installed under Personal and Trusted Root Certification Authorities in the Windows certificate manager.


I have been unable to find any information to solve this online so... How do I make Safari recognise the certificate?


Many thanks for all relevant help you can offer,



Safari, Windows Vista
  • SilverSmithy Level 1 (0 points)

    Further information:


    Following searches on this discussion forum I have seen this problem with slightly different symptoms:


    • My description of the symptoms covers when logged on as the computer's true administrator.


    • If signed on as a user with administrator permissions, the problem shows an empty "Select Certificates" box.


    • If signed on as a limited user then the browser simply responds with Safari can’t open the page “https://<<site>>/” because the server where this page is located isn’t responding. (no "Select Certificates" box appears). Where <<site>> is the site's URL.


    Consequently my guess is that the Safari process is failing to use the correct permissions to access the Windows certificate repository.


    I hope this is useful to some Apple Safari developer who needs to fix this bug PDQ... after all Safari for Windows exists to allow developers to take Safari into account when creating web sites and that is pretty well screwed if simple testing under SSL is not an option.

  • SilverSmithy Level 1 (0 points)

    Further.. further information:


    The Windows Certificates console may be run for the currrent user, a specific service or for the local computer.


    It is my understanding that certificates should be installed for the local computer, however, the problems of the certificate being missing from Safari's displayed "Select Certificate" box (described above for any form of administrator account) can be solved by opening the Certificates console "for current user" and adding the certificate to the Personal certificates (even if it is already in the Personal certificates for the local computer).


    This at least takes the problem one stage further. Unfortunately, after adding the correct certificate and selecting in, the browser responds with a "403.16 - Forbidden" error (Your client certificate is either not trusted or is invalid.).

  • SilverSmithy Level 1 (0 points)

    Correction: Once the Personal certificate is added to the Certificate console for the current user, the true administrator account gives the 403.16 response but I was wrong about a standard administrator account which actually gives the same response as a limited user, i.e. Safari can’t open the page “ https://<<site>>/” because the server where this page is located isn’t responding.


    The logged error event when trying to access the site through Safari logged on as the true administrator user is:


    • Log Name: System Source: Schannel Event ID: 36870 Task Category: None Level: Error Keywords: Classic Description: A fatal error occurred when attempting to access the SSL client credential private key. The error code returned from the cryptographic module is 0x8009030d.


    When accessing the site through Safari when logged on as a standard administrator user or limited users, the logged error event is:



    I hope this is useful information.