Bug #6457
opensafari gives cert error and fails to load UI
0%
Description
Bruce Kendall reported problems loading MetacatUI under Safari 7.0.2 under Mac OS X Mavericks. He writes:
"You might let the IT guys know that the knb website seems to be rejecting connections from Safari on a Mac (“The server did not accept the certificate”). I could connect fine with Chrome."
Upon inspection, we have the system functioning under Savari 6.1.1 (Matt) and 7 (Lauren), but not for everyone. We had suspected a relationship to the Safari SSL renegoiation issue that has been reported previously for DataONE and KNB (see https://redmine.dataone.org/issues/3255), but now this looks like it might be different than that.
Files
Updated by ben leinfelder almost 10 years ago
- Target version set to 1.6.0
More and more people are telling us they get these Safari errors, especially as LeeAnne promotes the KNB and gets it on data repository lists. Would be worth investigating some possible solutions.
Updated by Lauren Walker almost 10 years ago
- Target version changed from 1.6.0 to 1.7.0
Updated by Lauren Walker about 9 years ago
Still getting prompts for a client certificate in safari 8.0.3 and 8.0.4
Updated by Nick Brand over 8 years ago
I'm still seeing this issue on my machine (OS X 10.11, Safari 9.0.2).
It appears to be related to the "SSLVerifyClient optional" config in Apache. If I change it from 'optional' to 'none', the error goes away.
Some time on Google shows:
"optional" does not work with all browers:
https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslverifyclient
The Apache project is aware of the Safari interaction:
https://mail-archives.apache.org/mod_mbox/httpd-docs/201204.mbox/%3Ch16tsm3j280hqx6xqjezwJv4X.penango@mail.gmail.com%3E
Updated by Nick Brand over 8 years ago
Previous comment was for https://data.snap.is and https://knb.ecoinformatics.org. Attaching a screenshot.