mobile logo

Safari providing an SSL error "client certificate rejected” when other browsers work

posted on March 21, 2011 / IN Apache / Quick Tip / 6 Comments

If you’re receiving an error message such as:

Safari can’t open the page “https://example.com”. The error was: “client certificate rejected” (NSURLErrorDomain:-1205) Please choose Report Bug to Apple from the Safari menu, note the error number, and describe what you did before you saw this message.

It’s likely because the web server you are connecting to has Apache configured for “SSLVerifyClient optional”. It appears that with Safari 5 (or perhaps even earlier) the browser will negotiate client certificates improperly with the web server. While other browsers like Google Chrome and Firefox will not have an issue, Safari is rendered incapable of connecting to these sites without a server-side change.

Once you alter the Apache configuration to ‘none’ rather than ‘optional’, the browser will once again be able to connect as expected.

If anyone has experienced this issue or knows of a work-around for the Safari side of the equation, please comment!

By admin

6 Comments

Please use the form to leave a comment

    • Chris Sanburn
      Posted on November 15, 20117:55 pm Reply

      Confirmed this fix works for my apache server. It was a problem with Safari v4 as well, not just v5 and above.

      I got a slightly different error message, however:

      no certificate available
      no certificates meet the application

      Then given an Ok and Cancel option but pressing either one of them still results in you not getting to an https page.

      Thanks for the post!

    • Bart
      Posted on September 25, 20123:25 am Reply

      We have the same issue; Safari reports “No certificate available No certificates meet the application..” when using SSL (https:// connection). Other browsers (IE, FF) have no issue.

      However our application server is running under Windows, so no Apache, but IIS (7)..

      Does anyone know a fix for this situation?

    • wilby
      Posted on September 28, 20124:30 pm Reply

      How do you alter the apache configuration?

    • Jon
      Posted on October 3, 20121:38 pm Reply

      Same issue here. Our servers are running Apache with a valid SSL certificate installed and all the other browsers I load it in work fine, except Safari. I run Safari in Windows to test sites. A business associate of mine is running it n Mac and he tells me the site loads fine. Another person running it on Mac said they got some other error message about Certificate (not sure what) but was able to get to the site. It seems to be a bug in Safari, perhaps? We set SSLVerifyClient to none and it is still happening.

    • Per
      Posted on January 10, 20133:18 am Reply

      We found that setting “SSLCiphersuite ALL” made safari able to negotiate a client certificate authentication.

    • Olav
      Posted on January 20, 20137:20 am Reply

      The problem persists in Safari 6.
      I can confirm that this definitely is a problem that applies to Safari which is incapable of handling optional certificates regardless of the server’s os, as long as the server acts according to RFC 2246 and relevant superseding RFCs.
      However it can be circumvented by using a browser that does not have this bug (like Firefox and Chrome) or by installing a certificate that the server will accept. It WILL fail without the optional certificate as per Safari Version 6.0.2.

Page 1 of 1

Leave a comment.