DJCMerrall

Q: Safari 8.0.3 Can't establish a secure connection to the server

I have a MacBook Air (early 2014) running OS X Yosemite 10.10.2

Safari is version 8.0.3

When accessing the websites "https://www.national-lottery.co.uk" and "https://portal.wmpfonline.com" I am given the below message:

Safari can't open the page "https://www.national-lottery.co.uk" because Safari can't establish a secure connection to the server "www.national-lottery.co.uk".

Initially when I bought my MacBook Air these sites worked perfectly. Also, when I clear website data it will work for a short period of time (roughly 2 minutes) but other times that makes no difference. I have tried using Firefox but I still have an issue accessing these sites. When in recovery mode both sites work perfectly fine without an issue.


Is anyone able to help me with this issue?  I have been searching and searching for a week to find a solution to this problem.


Thank you all in advance

MacBook Air (13-inch, Early 2014), OS X Yosemite (10.10.2)

Posted on Feb 10, 2015 2:26 PM


  • by Linc Davis,Helpful

    Linc Davis Feb 10, 2015 6:49 PM in response to DJCMerrall

    This could be a complicated problem to solve, as there are several possible causes for it.

    Back up all data, then take each of the following steps that you haven't already taken. Stop when the problem is resolved.

    Step 1

    From the menu bar, select

               ▹ System Preferences... ▹ Date & Time

    Select the Time Zone tab in the preference pane that opens and check that the time zone matches your location. Then select the Date & Time tab. Check that the date and time shown (including the year) are correct, and correct them if not.

    Check the box marked 

              Set date and time automatically

    if it's not already checked, and select one of the Apple time servers from the menu next to it.

    Step 2

    Triple-click anywhere in the line below on this page to select it:

    /System/Library/Keychains/SystemCACertificates.keychain

    Right-click or control-click the highlighted line and select

              Services ▹ Show Info

    from the contextual menu.* An Info dialog should open. The dialog should show "You can only read" in the Sharing & Permissions section.

    Repeat with this line:

    /System/Library/Keychains/SystemRootCertificates.keychain

    If instead of the Info dialog, you get a message that either file can't be found, reinstall OS X.

    *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. Open a TextEdit window and paste into it by pressing command-V. Select the line you just pasted and continue as above.

    Step 3

    Launch the Keychain Access application in any of the following ways:

    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

    ☞ Open LaunchPad and start typing the name.

    In the upper left corner of the window, you should see a list headed Keychains. If not, click the button in the lower left corner that looks like a triangle inside a square.

    In the Keychains list, there should be items named System and System Roots. If not, select

              File ▹ Add Keychain

    from the menu bar and add the following items:

    /Library/Keychains/System.keychain
    /System/Library/Keychains/SystemRootCertificates.keychain

    Open the View menu in the menu bar. If one of the items in the menu is

              Show Expired Certificates

    select it. Otherwise it will show

              Hide Expired Certificates

    which is what you want.

    From the Category list in the lower left corner of the window, select Certificates. Look carefully at the list of certificates in the right side of the window. If any of them has a blue-and-white plus sign or a red "X" in the icon, double-click it. An inspection window will open. Click the disclosure triangle labeled Trust to disclose the trust settings for the certificate. From the menu labeled

              Secure Sockets Layer (SSL)

    select

              no value specified

    Close the inspection window. You'll be prompted for your administrator password to update the settings.

    Now open the same inspection window again, and select

              When using this certificate: Use System Defaults

    Save the change in the same way as before.

    Revert all the certificates with non-default trust settings. Never again change any of those settings.

    Step 4

    Select My Certificates from the Category list. From the list of certificates shown, delete any that are marked with a red X as expired or invalid.

    Export all remaining certificates, delete them from the keychain, and reimport. For instructions, select

              Help ▹ Keychain Access Help

    from the menu bar and search for the term "export" in the help window. Export each certificate as an individual file; don't combine them into one big file.

    Step 5

    From the menu bar, select

              Keychain Access ▹ Preferences... ▹ Certificates

    There are three menus in the window. Change the selection in the top two to Best attempt, and in the bottom one to CRL.

    Step 6

    Triple-click anywhere in the line of text below on this page to select it:

    /var/db/crls

    Copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

              Go ▹ Go to Folder...

    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

    A folder named "crls" should open. Move all the files in that folder to the Trash. You’ll be prompted for your administrator login password.

    Restart the computer, empty the Trash, and test.

    Step 7

    Triple-click anywhere in the line below on this page to select it:

    open -e /etc/hosts

    Copy the selected text to the Clipboard by pressing the key combination command-C.

    Launch the built-in Terminal application in the same way you launched Keychain Access.

    Paste into the Terminal window by pressing command-V. I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting. A TextEdit window should open. At the top of the window, you should see this:

    ##
    # Host Database
    #
    # localhost is used to configure the loopback interface
    # when the system is booting.  Do not change this entry.
    ##
    127.0.0.1                              localhost
    255.255.255.255          broadcasthost
    ::1                                        localhost
    fe80::1%lo0                    localhost

    If that's not what you see, post the contents of the window.
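Added example, not part of Linc Davis's reply: a read-only version of the step 7 check that compares a hosts file with the default entries listed above and reports what is missing or extra. The function name `audit_hosts`, the sample file, and the entry `192.0.2.10 www.example.com` are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only comparison of a hosts file with the default
# entries listed in step 7. Nothing is modified.

audit_hosts() {
    # $1: hosts file to check (defaults to /etc/hosts)
    awk '
    BEGIN {
        # Default entries exactly as shown in step 7 above.
        expected["127.0.0.1 localhost"] = 1
        expected["255.255.255.255 broadcasthost"] = 1
        expected["::1 localhost"] = 1
        expected["fe80::1%lo0 localhost"] = 1
    }
    {
        sub(/[#].*/, "")          # drop comments; awk re-splits the fields
        if (NF < 2) next          # blank line or address without a name
        for (i = 2; i <= NF; i++) {
            key = $1 " " tolower($i)
            if (key in expected) { seen[key] = 1 }
            else { print "EXTRA " $1 " " $i }
        }
    }
    END {
        for (key in expected)
            if (!(key in seen)) print "MISSING " key
    }' "${1:-/etc/hosts}" | sort
}

# Constructed sample: a three-entry file plus one made-up redirect entry
# (192.0.2.10 is a documentation-only address).
sample_hosts() {
    cat <<'EOF'
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
192.0.2.10      www.example.com   # constructed extra entry
EOF
}

# Demo on the constructed sample; call audit_hosts with no argument to
# check the real /etc/hosts instead.
tmp=$(mktemp) && sample_hosts > "$tmp" && audit_hosts "$tmp"; rm -f "$tmp"
```

A `MISSING` line only means the file differs from the listing in step 7. An `EXTRA` line is a name the machine resolves from this file instead of through DNS, which is why an unexpected one is worth posting.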

  • by DJCMerrall,

    DJCMerrall Feb 11, 2015 3:34 PM in response to Linc Davis

    Thank you for that response, I'm still working through this at the moment and I'm at the step showing expired certificates... Is there any harm in using "always trust" on the certificate that works? I'm just wondering.

    Thank you so much again for your reply and I will let you know if the whole process works.

  • by Linc Davis,

    Linc Davis Linc Davis Feb 11, 2015 5:36 PM in response to DJCMerrall
    Level 10 (208,000 points)
    Applications
    Feb 11, 2015 5:36 PM in response to DJCMerrall

    Never change the original trust settings of any certificate unless you created it yourself. That's just about the most dangerous thing you can do with a computer.

  • by afleisc2568,

    afleisc2568 Feb 26, 2015 7:02 AM in response to Linc Davis

    Hello. I am also having trouble connecting to gmail server. I have been following your steps. Step 7, about opening the Terminal window, my results did not match yours. Here is what my window showed. (It was missing the last line.)

    ##
    # Host Database
    #
    # localhost is used to configure the loopback interface
    # when the system is booting.  Do not change this entry.
    ##
    127.0.0.1 localhost
    255.255.255.255 broadcasthost
    ::1             localhost

    Do you have any suggestions? I am not able to connect to my gmail server. Thanks in advance for your help!

  • by safarionwin,

    safarionwin May 9, 2015 6:23 PM in response to Linc Davis

    I've been having this issue only when connecting to GoDaddy online mail "login.secureserver.net"... everything else is fine. I followed your directions and before deleting the trash, it was still not working. After I emptied the trash, it worked. I went to your final step and got the exact entry except mine was missing the last line. Mine was:

    ##
    # Host Database
    #
    # localhost is used to configure the loopback interface
    # when the system is booting.  Do not change this entry.
    ##
    127.0.0.1 localhost
    255.255.255.255 broadcasthost
    ::1             localhost

    Do I need to be concerned that mine is missing the last line? Thanks!

  • by MandaP,

    MandaP May 29, 2015 11:10 PM in response to Linc Davis

    I have the exact same problem with the national lottery website - I have followed all these steps and still no joy!

    In the final step I get the following:

    ##
    # Host Database
    #
    # localhost is used to configure the loopback interface
    # when the system is booting.  Do not change this entry.
    ##
    127.0.0.1 localhost
    255.255.255.255 broadcasthost
    ::1             localhost

    Any ideas?

  • by gmarcos,

    gmarcos Jul 19, 2015 4:46 PM in response to DJCMerrall

    All of a sudden I am having the same issue of 'can't open the page...' using Safari while Chrome just works fine.  I have done everything on Linc's suggested list up to and including step 7.  Worked ok for one day and now Safari is back to sporadic connection problems.  So, I've switched to Chrome for reliable, dependable and consistent internet use.  However, I'd still like to get this fixed.  Any additional suggestions?

    Thanks.

  • by Richard Holtzworth,

    Richard Holtzworth Sep 19, 2015 4:13 AM in response to gmarcos

    I have the same issue with https://www.starbucks.com/account/signin which has always worked. Also, this URL will not open in Opera. However it does open in Chrome. I noticed in the address bar in Chrome, the padlock indicating a "locked" or secure site had a yellow triangle in it. According to Chrome, the security for the site is weak and suspect. I would have to guess that both Safari and Opera have higher security settings and won't even open the site.