Safari providing an SSL error “client certificate rejected” when other browsers work

If you’re receiving an error message such as:

Safari can’t open the page “https://example.com”. The error was: “client certificate rejected” (NSURLErrorDomain:-1205) Please choose Report Bug to Apple from the Safari menu, note the error number, and describe what you did before you saw this message.

It’s likely because the web server you are connecting to has Apache configured for “SSLVerifyClient optional”. It appears that with Safari 5 (or perhaps even earlier) the browser will negotiate client certificates improperly with the web server. While other browsers like Google Chrome and Firefox will not have an issue, Safari is rendered incapable of connecting to these sites without a server-side change.

Once you alter the Apache configuration to ‘none’ rather than ‘optional’, the browser will once again be able to connect as expected.

If anyone has experienced this issue or knows of a work-around for the Safari side of the equation, please comment!