Safari Can't establish a secure connection

Please post a direct link to a page you're having trouble with, if possible. It must be open to anyone without a login.

Double-click anywhere in the line of text below on this page to select it, then copy it to the Clipboard by pressing the key combination command-C:

www.paypal.com

Launch the Network Utility application.

Step 1

Select the Lookup tab and paste into the address field by pressing command-V. Then press return. Post the output that appears below – the text, please, not a screenshot.

Step 2

Select the Ping tab and do the same. Please enter the same input as you did in Step 1. Don't use the output of Step 1 as input to Step 2.

Important Note

Some web browsers and mail clients will automatically convert a domain name such as "www.example.com" to a clickable URL, such as http://www.example.com. That will interfere with the test. If necessary, edit the input in the Network Utility window to remove any added characters.

Start up in safe mode and log in to the account with the problem.

Note: If FileVault is enabled in OS X 10.9 or earlier, or if a firmware password is set, or if the startup volume is a software RAID, you can’t do this. Ask for further instructions.

Safe mode is much slower to start up and run than normal, with limited graphics performance, and some things won’t work at all, including sound output and Wi-Fi on certain models. The next normal startup may also be somewhat slow.

The login screen appears even if you usually login automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.

If the problem is not reproducible in safe mode, then it's caused by third-party "anti-virus" or "security" software. If you know what that software is, remove it as directed by the developer after backing up all data. If you don't know what it is, ask for instructions.

Do you have the Avast anti-virus software installed? If so, remove it. It can cause these kinds of problems, and it's junk.

This could be a complicated problem to solve, as there are several possible causes for it.

Back up all data, then take each of the following steps that you haven't already taken. Stop when the problem is resolved.

Step 1

From the menu bar, select

 ▹ System Preferences... ▹ Date & Time

Select the Time Zone tab in the preference pane that opens and check that the time zone matches your location. Then select the Date & Time tab. Check that the data and time shown (including the year) are correct, and correct them if not.

Check the box marked

Set date and time automatically

if it's not already checked, and select one of the Apple time servers from the menu next to it.

Step 2

Triple-click anywhere in the line below on this page to select it:

/System/Library/Keychains/SystemCACertificates.keychain

Right-click or control-click the highlighted line and select

Services ▹ Show Info

from the contextual menu.* An Info dialog should open. The dialog should show "You can only read" in the Sharing & Permissions section.

Repeat with this line:

/System/Library/Keychains/SystemRootCertificates.keychain

If instead of the Info dialog, you get a message that either file can't be found, reinstall OS X.

*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. Open a TextEdit window and paste into it by pressing command-V. Select the line you just pasted and continue as above.

Step 3

Launch the Keychain Access application in any of the following ways:

☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

☞ Open LaunchPad and start typing the name.

In the upper left corner of the window, you should see a list headed Keychains. If not, click the button in the lower left corner that looks like a triangle inside a square.

In the Keychains list, there should be items named System and System Roots. If not, select

File ▹ Add Keychain

from the menu bar and add the following items:

/Library/Keychains/System.keychain

/System/Library/Keychains/SystemRootCertificates.keychain

Open the View menu in the menu bar. If one of the items in the menu is

Show Expired Certificates

select it. Otherwise it will show

Hide Expired Certificates

which is what you want.

From the Category list in the lower left corner of the window, select Certificates. Look carefully at the list of certificates in the right side of the window. If any of them has a blue-and-white plus sign or a red "X" in the icon, double-click it. An inspection window will open. Click the disclosure triangle labeled Trust to disclose the trust settings for the certificate. From the menu labeled

Secure Sockets Layer (SSL)

select

no value specified

Close the inspection window. You'll be prompted for your administrator password to update the settings.

Now open the same inspection window again, and select

When using this certificate: Use System Defaults

Save the change in the same way as before.

Revert all the certificates with non-default trust settings. Never again change any of those settings.

Step 4

Select My Certificates from the Category list. From the list of certificates shown, delete any that are marked with a red X as expired or invalid.

Export all remaining certificates, delete them from the keychain, and reimport. For instructions, select

Help ▹ Keychain Access Help

from the menu bar and search for the term "export" in the help window. Export each certificate as an individual file; don't combine them into one big file.

Step 5

From the menu bar, select

Keychain Access ▹ Preferences... ▹ Certificates

There are three menus in the window. Change the selection in the top two to Best attempt, and in the bottom one to CRL.

Step 6

Triple-click anywhere in the line of text below on this page to select it:

/var/db/crls

Copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

A folder named "crls" should open. Move all the files in that folder to the Trash. You’ll be prompted for your administrator login password.

Restart the computer, empty the Trash, and test.

What Safari extensions do you have installed? In Safari's preferences, click the Extensions icon to see a list of all installed extensions. Try turning them all off, using the big on/off switch, and see if that makes a difference.

I had the same problem and this solution helped me.

I've had my macbook for a year and I feel like every time I install something it gets a bit slower, juddery or internet pages don't load.

Probably from the Yosemite thing.

Please read this whole message before doing anything.

This procedure is a diagnostic test. It won’t solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.

The purpose of this test is to determine whether the problem is localized to your user account. Enable guest logins* and log in as Guest. Don't use the Safari-only “Guest User” login created by “Find My Mac.”

While logged in as Guest, you won’t have access to any of your documents or settings. Applications will behave as if you were running them for the first time. Don’t be alarmed by this behavior; it’s normal. If you need any passwords or other personal data in order to complete the test, memorize, print, or write them down before you begin.

Test while logged in as Guest. Same problem?

After testing, log out of the guest account and, in your own account, disable it if you wish. Any files you created in the guest account will be deleted automatically when you log out of it.

*Note: If you’ve activated “Find My Mac” or FileVault in OS X 10.7 or later, then you can’t enable the Guest account. The "Guest User" login created by "Find My Mac" is not the same. Create a new account in which to test, and delete it, including its home folder, after testing.