Bug #6457

safari gives cert error and fails to load UI

Added by Matt Jones over 8 years ago. Updated almost 7 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:


Bruce Kendall reported problems loading MetacatUI under Safari 7.0.2 under Mac OS X Mavericks. He writes:

"You might let the IT guys know that the knb website seems to be rejecting connections from Safari on a Mac (“The server did not accept the certificate”). I could connect fine with Chrome."

Upon inspection, we have the system functioning under Savari 6.1.1 (Matt) and 7 (Lauren), but not for everyone. We had suspected a relationship to the Safari SSL renegoiation issue that has been reported previously for DataONE and KNB (see, but now this looks like it might be different than that.


#1 Updated by ben leinfelder over 8 years ago

  • Target version set to 1.6.0

More and more people are telling us they get these Safari errors, especially as LeeAnne promotes the KNB and gets it on data repository lists. Would be worth investigating some possible solutions.

#2 Updated by Lauren Walker about 8 years ago

  • Target version changed from 1.6.0 to 1.7.0

#3 Updated by Lauren Walker about 8 years ago

  • Target version deleted (1.7.0)

#4 Updated by Lauren Walker over 7 years ago

Still getting prompts for a client certificate in safari 8.0.3 and 8.0.4

#5 Updated by Nick Brand almost 7 years ago

I'm still seeing this issue on my machine (OS X 10.11, Safari 9.0.2).

It appears to be related to the "SSLVerifyClient optional" config in Apache. If I change it from 'optional' to 'none', the error goes away.

Some time on Google shows:

"optional" does not work with all browers:

The Apache project is aware of the Safari interaction:

Also available in: Atom PDF