Level 1

23 points

Safari in High Sierra refuses connection to website with expired certificate

In all earlier versions of OSX / MacOS, Safari has warned about expired certificates, but allowed the user to continue despite the error. After updating my iMac to High Sierra, Ifind that Safari gives a somewhat inscrutable error message ("This Connection is Not Private"), but does not offer any action except to quit ("return to previous page"). There is no option to alter this behaviour.

This means that I can no longer access webmin on an ancient but essential Linux Server I have running as a VM on a local Mac Mini: this server is accessible only to other machines on my LAN, is not exposed to the internet. For various reasons is not susceptible to being updated. I consider it unfriendly (at best!) for Apple to arbitrarily change in this way how Safari works - sometimes the punter really does know better than the computer - or Apple!

Can anyone suggest any kind of work-around other than not using High Sierra for this?

Colin

iMac, macOS High Sierra (10.13)

Posted on Sep 30, 2017 6:07 AM

Top-ranking reply

oldirtdog

Level 1

21 points

Posted on Mar 8, 2018 10:11 AM

I tried to get the certificate imported using the keychain in terminal, but I came to find out that the import to the keychain wasn't the issue at all. I deleted all the certificates for a particular site and visited it again. It asked me to visit the site anyway, which prompted for my keychain password. I put it in and verified it was now in my keychain. It then went right back to the website blocked message. Rinse and repeat. However, once in the keychain, I found that you can open the certificate and expand a section for Trust. I changed it to Always Trust. Then, the website let me in!

View in context

28 replies

baldbeardie Author

Level 1

23 points

Oct 1, 2017 9:12 AM in response to Eric Root

Many thanks for that. As you can see, KiltedTim's suggestion doesn't work, but I am looking into getting the certificate renewed. It'll take a little time (I have to learn how to do it first), but I've found a useful site at http://www.webmin.com/faq.html and we'll see what happens. I guess the first thing I'm going to have to do is open account with Thawte or some such ...

baldbeardie Author

Level 1

23 points

Oct 2, 2017 1:30 AM in response to PN2

Thank you, PM, for another very interesting idea.

I have tried this, and got as far as creating a .cer file on the desktop. However, although double-clicking it does open Keychain Access, it does not add the certificate to the login keychain (or any other, that I can see!). Similarly, I can apparently drag the file into Keychain Access, but without any visible result. Yes, the login keychain was unlocked! Oddly, dragging to the system keychain produced a request for my system password so the keychain could be updated, but after that there was also no visible result.

I conclude that Apple are actively trying to prevent any practices that they in their wisdom deem to be risky. Indeed, in principle I believe they are right to do so - but the trouble with principle is that it is very black and white, whilst in real life there are not only subtle shades of grey but also the complexity of full living Technicolor! :- )

Oct 17, 2017 1:58 PM in response to baldbeardie

I have exactly these problems too, particularly when trying to access Facebook (Sierra 10.12.6 and Safari 11 (12064.1.38.1.17) but they seem to be linked to an intrusion by Norton ConnectSafe. Where this last is coming from is a complete mystery. It does not appear to be on my router and my ISP denies all knowledge of it, and says that they think it is a virus. Only problem there is that Sophos and Bitdefender both fail to find any viruses or malware. No sign of anything on my DNS. Other sites affected include Twitter (was able to access it briefly this afternoon but then it went again) and Linkedin. Chrome is affected in exactly the same way as Safari.

I have been through the suggestions made here and elsewhere and none of them work. I am inclined to suspect the problem lies in the most recent updates by Sierra and/or Safari a few days ago. The problem seems to post-date them.

Nov 13, 2017 4:32 AM in response to baldbeardie

A month on and the problem with my Mac is still there and my ISP provider and Antivirus programme helpline can suggest no solution. I have done everything they suggested, mostly several times over. Nothing in the caches or anywhere looks like malware or a virus. I have tried Sophos and Bitdefender, and Malwarebyes. One did catch an old trace of geneio but I think that was an inert file from an infestation about two years back. Removing it did not solve the problem.

The features are

I can't open the page message for lots of sites, including (mostly but not always) Facebook. Twitter has sometimes opened, sometimes opens as broken lines of text, sometimes not at all. In the last half hour it has been blocked once, then opened normally when I tested it just now. This variable behaviour is baffling.
The messages from ConnectServe still come up sometimes but much less often.
Many antivirus sites, including Apple ones don't open.

Anyone got any suggestions? (I had thought of deleting and reinstalling Safari but that looks like a hazardous step for a computer tyro.)

Feb 15, 2018 3:34 AM in response to Eric Root

Hi folks

Have just recently "upgraded" to High Sierra and am now also getting this annoying message. Why do OS manufacturers insist on playing nanny with us? The server I'm trying to access is my own Synology NAS in my office! File access through file managers is not affected but as the sole admin for our server, I am now not allowed to log in via browser for any maintenance work!

Synology also cannot, as yet, help. But they're no doubt working on it.

It is unfortunately not only my Synology NAS that has the problem.

I can't access my FritzBox modem for maintenance either. Same problem.

I really dislike the idea of using a different browser, particularly as Safari is now supposed to be safer ...hohoho.

If I get any joy from Synology, I'll post it.

Eric Root

Level 10

685,251 points

Sep 30, 2017 8:15 PM in response to baldbeardie

Can you post a screen shot of the details? Try command - shift - 4 to take a screen shot.

baldbeardie Author

Level 1

23 points

Oct 1, 2017 5:18 AM in response to Eric Root

OK.

I'm not sure where this takes us, though ... :-)

Colin.

KiltedTim

Level 10

225,840 points

Oct 1, 2017 9:31 AM in response to baldbeardie

Try shutting off the fraudulent site warning in Safari preferences.

baldbeardie Author

Level 1

23 points

Oct 1, 2017 7:32 AM in response to KiltedTim

Thanks for what ought to another helpful idea. Sadly, however, I have already tried it, and it makes no difference.

Colin

Antzuo

Level 1

12 points

Dec 31, 2017 5:51 AM in response to PN2

You rock, mate!!!! Thank you so much (Apple is making things as difficult as MS Windows! GRR!!!!!)

Dec 31, 2017 9:06 AM in response to Cappadocian

I had better admit that in the end the problem proved to be the DNS setting which had somehow been changed and was causing the problems... When I corrected it, all was well.

Jan 9, 2018 8:45 AM in response to flytripper

Thanks

It worked for me!

baldbeardie Author

Level 1

23 points

Sep 30, 2017 6:19 AM in response to KiltedTim

Actually I understand from what I have read on the internet that Chrome has a similar problem, as this behaviour is either programmed into webkit or some lower level of the OS. In any case, try as hard as I can to keep all of my machines as Google-free zones ... :-)

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Safari in High Sierra refuses connection to website with expired certificate