You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Safari 8.0.3 Can't establish a secure connection to the server

I have a Macbook Air (early 2014) running OS X Yosemite 10.10.2


Safari is version 8.0.3


When accessing the websites "https://www.national-lottery.co.uk" and "https://portal.wmpfonline.com" I am given the below message:


Safari can't open the page "https://www.national-lottery.co.uk" because Safari can't establish a secure connection to the server "www.national-lottery.co.uk".


Initially when I bought my Macbook Air these sites worked perfectly. Also, when I clear website data it will work for a short period of time (roughly 2 minutes) but other times that makes no difference. I have tried using FireFox but I still have an issue accessing these sites. When in recovery mode both sites work perfectly fine without an issue.

Is anyone able to help me with this issue? I have been searching and searching for a week to find a solution to this problem.

Thank you all in advance 🙂

MacBook Air (13-inch, Early 2014), OS X Yosemite (10.10.2)

Posted on Feb 10, 2015 2:26 PM

Reply
Question marked as Top-ranking reply

Posted on Feb 10, 2015 6:49 PM

This could be a complicated problem to solve, as there are several possible causes for it.

Back up all data, then take each of the following steps that you haven't already taken. Stop when the problem is resolved.

Step 1

From the menu bar, select

 ▹ System Preferences... ▹ Date & Time

Select the Time Zone tab in the preference pane that opens and check that the time zone matches your location. Then select the Date & Time tab. Check that the data and time shown (including the year) are correct, and correct them if not.

Check the box marked

Set date and time automatically

if it's not already checked, and select one of the Apple time servers from the menu next to it.

Step 2

Triple-click anywhere in the line below on this page to select it:

/System/Library/Keychains/SystemCACertificates.keychain

Right-click or control-click the highlighted line and select

Services Show Info

from the contextual menu.* An Info dialog should open. The dialog should show "You can only read" in the Sharing & Permissions section.

Repeat with this line:

/System/Library/Keychains/SystemRootCertificates.keychain

If instead of the Info dialog, you get a message that either file can't be found, reinstall OS X.

*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. Open a TextEdit window and paste into it by pressing command-V. Select the line you just pasted and continue as above.

Step 3

Launch the Keychain Access application in any of the following ways:

☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

☞ In the Finder, select Go Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

☞ Open LaunchPad and start typing the name.

In the upper left corner of the window, you should see a list headed Keychains. If not, click the button in the lower left corner that looks like a triangle inside a square.

In the Keychains list, there should be items named System and System Roots. If not, select

File Add Keychain

from the menu bar and add the following items:

/Library/Keychains/System.keychain

/System/Library/Keychains/SystemRootCertificates.keychain

Open the View menu in the menu bar. If one of the items in the menu is

Show Expired Certificates

select it. Otherwise it will show

Hide Expired Certificates

which is what you want.

From the Category list in the lower left corner of the window, select Certificates. Look carefully at the list of certificates in the right side of the window. If any of them has a blue-and-white plus sign or a red "X" in the icon, double-click it. An inspection window will open. Click the disclosure triangle labeled Trust to disclose the trust settings for the certificate. From the menu labeled

Secure Sockets Layer (SSL)

select

no value specified

Close the inspection window. You'll be prompted for your administrator password to update the settings.

Now open the same inspection window again, and select

When using this certificate: Use System Defaults

Save the change in the same way as before.

Revert all the certificates with non-default trust settings. Never again change any of those settings.

Step 4

Select My Certificates from the Category list. From the list of certificates shown, delete any that are marked with a red X as expired or invalid.

Export all remaining certificates, delete them from the keychain, and reimport. For instructions, select

Help Keychain Access Help

from the menu bar and search for the term "export" in the help window. Export each certificate as an individual file; don't combine them into one big file.

Step 5

From the menu bar, select

Keychain Access Preferences... Certificates

There are three menus in the window. Change the selection in the top two to Best attempt, and in the bottom one to CRL.

Step 6

Triple-click anywhere in the line of text below on this page to select it:

/var/db/crls

Copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

Go Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

A folder named "crls" should open. Move all the files in that folder to the Trash. You’ll be prompted for your administrator login password.

Restart the computer, empty the Trash, and test.

Step 7

Triple-click anywhere in the line below on this page to select it:

open -e /etc/hosts

Copy the selected text to the Clipboard by pressing the key combination command-C.

Launch the built-in Terminal application in the same way you launched Keychain Access.

Paste into the Terminal window by pressing command-V. I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting. A TextEdit window should open. At the top of the window, you should see this:

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost

If that's not what you see, post the contents of the window.

8 replies
Question marked as Top-ranking reply

Feb 10, 2015 6:49 PM in response to DJCMerrall

This could be a complicated problem to solve, as there are several possible causes for it.

Back up all data, then take each of the following steps that you haven't already taken. Stop when the problem is resolved.

Step 1

From the menu bar, select

 ▹ System Preferences... ▹ Date & Time

Select the Time Zone tab in the preference pane that opens and check that the time zone matches your location. Then select the Date & Time tab. Check that the data and time shown (including the year) are correct, and correct them if not.

Check the box marked

Set date and time automatically

if it's not already checked, and select one of the Apple time servers from the menu next to it.

Step 2

Triple-click anywhere in the line below on this page to select it:

/System/Library/Keychains/SystemCACertificates.keychain

Right-click or control-click the highlighted line and select

Services Show Info

from the contextual menu.* An Info dialog should open. The dialog should show "You can only read" in the Sharing & Permissions section.

Repeat with this line:

/System/Library/Keychains/SystemRootCertificates.keychain

If instead of the Info dialog, you get a message that either file can't be found, reinstall OS X.

*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. Open a TextEdit window and paste into it by pressing command-V. Select the line you just pasted and continue as above.

Step 3

Launch the Keychain Access application in any of the following ways:

☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

☞ In the Finder, select Go Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

☞ Open LaunchPad and start typing the name.

In the upper left corner of the window, you should see a list headed Keychains. If not, click the button in the lower left corner that looks like a triangle inside a square.

In the Keychains list, there should be items named System and System Roots. If not, select

File Add Keychain

from the menu bar and add the following items:

/Library/Keychains/System.keychain

/System/Library/Keychains/SystemRootCertificates.keychain

Open the View menu in the menu bar. If one of the items in the menu is

Show Expired Certificates

select it. Otherwise it will show

Hide Expired Certificates

which is what you want.

From the Category list in the lower left corner of the window, select Certificates. Look carefully at the list of certificates in the right side of the window. If any of them has a blue-and-white plus sign or a red "X" in the icon, double-click it. An inspection window will open. Click the disclosure triangle labeled Trust to disclose the trust settings for the certificate. From the menu labeled

Secure Sockets Layer (SSL)

select

no value specified

Close the inspection window. You'll be prompted for your administrator password to update the settings.

Now open the same inspection window again, and select

When using this certificate: Use System Defaults

Save the change in the same way as before.

Revert all the certificates with non-default trust settings. Never again change any of those settings.

Step 4

Select My Certificates from the Category list. From the list of certificates shown, delete any that are marked with a red X as expired or invalid.

Export all remaining certificates, delete them from the keychain, and reimport. For instructions, select

Help Keychain Access Help

from the menu bar and search for the term "export" in the help window. Export each certificate as an individual file; don't combine them into one big file.

Step 5

From the menu bar, select

Keychain Access Preferences... Certificates

There are three menus in the window. Change the selection in the top two to Best attempt, and in the bottom one to CRL.

Step 6

Triple-click anywhere in the line of text below on this page to select it:

/var/db/crls

Copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

Go Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

A folder named "crls" should open. Move all the files in that folder to the Trash. You’ll be prompted for your administrator login password.

Restart the computer, empty the Trash, and test.

Step 7

Triple-click anywhere in the line below on this page to select it:

open -e /etc/hosts

Copy the selected text to the Clipboard by pressing the key combination command-C.

Launch the built-in Terminal application in the same way you launched Keychain Access.

Paste into the Terminal window by pressing command-V. I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting. A TextEdit window should open. At the top of the window, you should see this:

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost

If that's not what you see, post the contents of the window.

Feb 26, 2015 7:02 AM in response to Linc Davis

Hello. I am also having trouble connecting to gmail server. I Have been following your steps. Step 7, about opening the Terminal window, my results did not match yours. Here is what my window showed. (It was missing the last line.)


##

# Host Database

#

# localhost is used to configure the loopback interface

# when the system is booting. Do not change this entry.

##

127.0.0.1 localhost

255.255.255.255 broadcasthost

::1 localhost




Do you have any suggestions? I am not able to connect to my gmail server. Thanks in advance for you help!

May 9, 2015 6:23 PM in response to Linc Davis

I've been having this issue only when connecting to godaddy online mail "login.secureserver.net" .. everything else is fine. I followed your directions and before deleting the trash, it was still not working. After I emptied the trash, it worked. I went to your final step and got the exact entry except mine was missing the last line. Mine was:


##

# Host Database

#

# localhost is used to configure the loopback interface

# when the system is booting. Do not change this entry.

##

127.0.0.1 localhost

255.255.255.255 broadcasthost

::1 localhost


Do I need to be concerned that mine is missing the last line? Thanks !

May 29, 2015 11:10 PM in response to Linc Davis

I have the exact same problem with the national lottery website - I have followed all these steps and still no joy!

In the final step I get the following:


##

# Host Database

#

# localhost is used to configure the loopback interface

# when the system is booting. Do not change this entry.

##

127.0.0.1 localhost

255.255.255.255 broadcasthost

::1 localhost


Any ideas ?

Jul 19, 2015 4:46 PM in response to DJCMerrall

All of a sudden I am having the same issue of 'can't open the page...' using Safari while Chrome just works fine. I have done everything on Linc's suggested list up to and including step 7. Worked ok for one day and now Safari is back to sporadic connection problems. So, I've switched to Chrome for reliable, dependable and consistent internet use. However, I'd still like to get this fixed. Any additional suggestions?

Thanks.

Sep 19, 2015 4:13 AM in response to gmarcos

I have the same issue with https://www.starbucks.com/account/signin which has always worked. Also, this URL will not open in Opera. However it does open in Chrome. I noticed in the address bar in Chrome, the padlock indicating a "locked" or secure site had a yellow triangle in it. According to Chrome, the security for the site is weak and suspect. I would have to guess that both Safari and Opera have higher security settings and won't even open the site.

Safari 8.0.3 Can't establish a secure connection to the server

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.