What’s the “Safari Can’t Establish a Secure Connection to the Server” Error?

Apple devices come with a security feature that ensures they’re safe and secure while browsing the web. This makes Apple computers one of the safest options for using the Internet.

This is why Safari, the browser that this website was originally intended to be viewed in, sometimes blocks users from accessing a website that it believes isn’t secure. When this happens, the error message displayed will typically state Safari Cannot Open the Page Cannot Establish a Secure Connection.” Error notifications may include different wordings and may appear in any format. As an example, the image above shows a notification that reads “Safari Can’t Open This Page.”

Related Content for Users:
Many problems with the Internet and downloading can be triggered by the problem of the computer freezing. How to prevent PC crashes randomly?

Such notification may appear when you are visiting the site with an SSL certificate expired and an unsecure connection. It means the browser doesn’t trust the encrypted data on the site and also indicates that Safari could not successfully access and verify the information. This can happen if a site doesn’t have its SSL certificate configured properly. It’s important to use Secure Socket Layer (SSL) and the SSH protocol on websites these days. This is especially true for any websites hosting sensitive data such as a WooCommerce store.

What Causes “Safari Can’t Establish a Secure Connection to the Server” Error?

This error message is usually due to one of two reasons: the website you’re trying to access isn’t secure enough or Safari can’t verify that it is.

To properly fix the “Unable to establish a secure connection” problem and solve it, you need to understand why the site is considered unsecured. Sometimes you may not know what the root cause of a problem is until you investigate different possible solutions.

Several common third-party extensions and add-ons cause the error “Safari cannot establish a secure connection to the server”. This error can occur if you have one of these extensions or add-ins installed. Even a minor error can cause “No secure connection to the server” problems. However, it may be something more complicated, like the version of the Internet protocol you use. The most common reason for the error is the expiration of the SSL site certificate.

How To Fix the “Safari Could Not Establish a Secure Connection to the Server” Error (6 Solutions)

Now that we know what the problem is, and its causes, then we can look at a few ways to fix it. With these tips, you can forget about this bug in your browser.

1. Clear Your Browser Data

Every time you visit a browser, Safari saves some of your data in cookies and caches in your browser. If this data contains outdated data that relates to site encryption or SSL, then this may be the reason for the error message. So to fix the “Safari Cannot Establish Secure Connection to the Server” problem, you should first clear the cache. Then, tap on Preferences > Privacy, then choose Remove All Website Data.

After you have uploaded, you can choose which sites you want to delete the data from. When you finish, click the Done button at the bottom of the screen. After that, to clear your entire browsing history, you can navigate to Safari > History > Clear History.

When you are finished, try visiting the site where the error was displayed. If the error has not disappeared, go to the next solution.

2. Check Your Device’s Date and Time

As odd as it may seem, if your Mac device displays an incorrect date and time, it can sometimes cause problems with Safari. Therefore, it is very important to make sure your time zone and date are set correctly.

To do it, you can tap on the Apple icon, then navigate to System Preferences > Date & Time.

After that, you can confirm that you’re using the right date and time.

You can also have your device automatically sync to your current location on the Time Zone tab. Once done, you can close the window and try accessing the site again.

3. Change Your DNS Settings

If the error persists, you should check your DNS (Domain Name Server) settings. In short, your DNS is like a phone book, allowing devices and websites to access each other. Safari uses your DNS settings to connect to websites.

If there is a problem with your DNS settings, you may see the “Safari cannot open page secure connection” message. To see if this is the case (and fix it), you can try changing your DNS address. For example, you can use Google’s public DNS. Go to Apple > System Preferences > Network.

From this window, choose your connection, then tap on the Advanced tab, followed by DNS. Next, click on the (+) icon next to IPv4 or IPv6 addresses.

After that you can enter the new DNS IP addresses. For example, if you want to use Google’s Public DNS, you can type “8.8.8.8” and “8.8.4.4”.

When you’re finished, tap on the OK button. Recheck the website to see if this process deleted the error message.

4. Uninstall or Disable Your Browser Extensions

As mentioned earlier, extensions or add-ons in your browser can interfere with Safari’s ability to securely connect to websites. This is sometimes common with antivirus programs and security-related extensions.

So, in the next step, try disabling all browser extensions. You can do this by opening Safari, then navigating to Preferences and clicking the Extensions tab.

A list of your extensions will appear in the left column. You can disable an add-on by clicking the check mark next to its name.

Once done, try accessing the site again. If this fixes the “Cannot secure connection to server” problem, you need to determine which extension is to blame. You can do this by systematically activating each plugin and visiting the website each time.

5. Disable IPv6

Internet Protocol (IP) is a set of rules that govern how data moves across the Internet. IPv6 is a newer protocol version. However, some websites still use the old version of IPv4. If this is the case, you may see the “Safari cannot establish a secure connection” message.

So you can try disabling IPv6 on your network. To do this, navigate to System Preferences > Network again, then click your network connection, then click the Advanced button.

On the TCP/IP tab, click the drop-down menu under Configure IPv6 and select Manual.

When done, click the OK button. If IPv6 is the problem, this should do the trick. If not, you can try the last solution.

6. Make Sure Keychain Trusts the Certificate

We’ve already mentioned that sometimes Safari may display a connection error message if it cannot verify the validity of a website’s SSL certificate. If this is the case, you can fix this by configuring the settings in the macOS Keychain Access app.

Keychain Access is an application that stores your passwords, account information, and application certificates. It protects your data and can control which websites your device trusts. So you can tell it to accept SSL certificates for websites in the future.

To do this, go to the website that displayed the error message, then click the lock icon to the left of the address bar, then click View/View Certificate > Details.

With the details pane expanded, click Ctrl + Spacebar. The Spotlight search bar will appear in the upper right corner of the screen. In the search box, enter "keychain".

Then click the system root directory on the left. Find the website’s certificate. Once you find it, go to the “Trust” section. Then click the drop-down menu next to the “When using this certificate” section and select “Always Trust”:

That’s it! You should now be able to successfully access the website without the “Safari Cannot Open the Page Secure Connection” error.

The post Safari Can’t Establish a Secure Connection Error appeared first on Gridinsoft Blog.

What is SSL certificate, How Does it Work

SSL stands for Secure Sockets Layer. It is a cryptographic protocol for secure connections. The 3.0 version of SSL is called Transport Layer Security, but everybody still uses the old name of the protocol. When we say SSL, we mean TLS. The protocol has been created to maintain secure data transfer. The combination of asymmetric and symmetric encryption methods makes an SSL-protected connection impossible to hack in a reasonable time. So, how does an SSL certificate work?

Why do we need SSL certificates?

SSL encryption is required to rule out the interception of data by hackers. Such an attack is called man-in-the-middle¹. If malefactors succeed in it, they can steal sensitive data that we share with websites. However, thanks to SSL, if even hackers get the transferred data along the way, they will have to decode it, which will take them eons. However, that is not enough because hackers and scammers can spoof the known websites or lure users into their own pages, fooling them by presenting fake public keys (needed for SSL authentication procedure.) To tackle this, a digitally signed certificate issued to a website ensures the safety of the domain itself.

What is a Certificate Authority?

SSL certificate is the trust-based allowance to participate in modern-world secure communications. It is issued to trusted websites by trusted authorities called Certificate Authorities. The more expensive the certificate is, the more trust it presents and the longer the preliminary checks take. There are many CAs in the world, and they issue millions of certificates per year. The digital signature of the authority secures the SSL certificates it issues.

How do SSL certificates work?

The server fitted with a certificate has a datafile the browser requests as you try to access the website. The certificate contains the following information: the domain name it was created for, the person, organization, or device it was issued to, the name of the Certificate Authority, its digital signature, list of associated subdomains, issue and expiry date of the certificate, the public encryption key. There is some more to it, but the listed items are the most important.

“Handshake” procedure

The procedure of data exchange between the client (browser) and the server equipped with an SSL certificate is called a “handshake.” It takes less than a second to perform this operation, but its importance is hard to overestimate. It all happens in several steps beginning with a browser sending its request to the server. The server sends a copy of its certificate to the client; if the certificate is satisfactory, the browser sends a respective response establishing a secure encrypted connection thereafter. The point is that the authentication procedure uses asymmetric encryption in order to start symmetric encryption only valid for the current session.

Not to leave your curiosity unsatisfied, we shall briefly mention some asymmetric cryptography features. In usual (symmetric) cryptography, both parties have the same secret key. If malefactors get this key, they can easily read any intercepted message. Asymmetric encryption works otherwise. It operates with a public key, used to encrypt messages, and a private key (never shared) used for message decoding². To simplify, we can say that the browser and the server exchange padlocks that need no key to lock, but they don’t share keys. Even if hackers somehow get the encrypted message (padlock), it will take quadrillions of years for them to decipher it. On the last step of the handshake authentication, the server and client exchange a secret key generated solely for the current session. That allows them to switch to symmetric encryption, which is much faster.

Types of Certificates

The SSL certificates can provide different trust levels, and their price differs with respect to that (60$ per year on average, but hundreds of dollars for the most expensive options.) The main types of the certificates are the following:

Extended Validation (EV)

These certificates are the most expensive. They provide the highest level of trust, and they are a must-have for websites that collect users’ data and receive or direct online payments. EV certificate requires the longest and the most thorough verification procedure before it is issued. When the site has an EV SSL certificate, its address bar contains HTTPS, but also the name of the business and the country are shown. The padlock icon is there as well, of course.

Organization Validated (OV)

This certificate is the second most expensive one. Its features are mostly the same as EV’s, but OV focuses on providing the needed encryption without such an accent on prestige and presentability.

Domain Validated (DV)

DV is the cheapest certificate type. It is enough for the website owner to answer a telephone call or an email to complete the validation procedure. However, DV is only enough for websites that neither collect any information nor involve payments. The encryption provided here is the weakest. The address bar only receives a padlock and HTTPS marking.

Wildcard

This type of certificate is used when the website owner wants to secure one domain and an unlimited number of subdomains. For example, the domain can be website.com and its subdomains help.website.com, blog.website.com, or shop.website.com. One Wildcard certificate will cover all of them.

Multi-Domain Certificate (MDC)

This certificate allows its users to secure different domains and subdomains. It’s like a Wildcard one, but the list of protected websites is not limited to subdomains of one domain! The client can secure a list of virtually random sites and subdomains.

Unified Communications Certificate (UCC)

UCC is a very trusted certificate, giving a green highlighting of the address bar for its owners’ websites. It has a multi-domain feature and strong encryption. UCC is very respected, sharing one level of trust with the EV certificates.

Certificate Expiration

SSL certificates are designed to expire. That is so because the certificate is not the encryption service it provides alone, but the correspondence of lots of data about the company with facts about it. This correspondence is what allows these authorities to issue and maintain the certificates. Since everything can change quickly in the business world, and websites may change owners, properties, and even what they do, SSL certificates require regular renewal. The validity period for a certificate is around two years, but the requirements get more severe every year. The voices are heard already to make certificates last not more than a year.

Related threats and how to avoid

Earlier, HTTPS was a trustworthy sign of any website’s security status. Phishing attacks used to be easily exposed based on the absence of the SSL certificate on scam-related websites.

For some time now, scammers have taken phishing to a new level. Now they manage to use certified sites ³ in their schemes. Therefore, to see HTTPS marking and calm down is yesterday’s approach. To avoid becoming a victim of phishing, you need to check any sites for spoofing.

• Follow Internet security rules. Never open suspicious email attachments. The same goes for links. If you receive a notification that you doubt the authenticity of, contact the service that the sender claims to be via another communication channel. Try calling them, for example.
• Use reason and intuition. If soon it will be impossible to trust certificates, be reasonable. Do not be fooled by advertising, where they promise you something very good, very cheap, and even fast. Be vigilant if allegedly you were sent a package, although you did not expect it. And, of course, it is unlikely that your second cousin is the Prince of Brunei in exile, who bequeathed all his fortune to you.
• Double-check for spoofed website links and email addresses. They might look very similar to the authentic ones differing by one letter, but the goal of the malefactors is to take you by stealth when you’re not on guard.
• To protect yourself from malware in case the phishing attack still happens, install a reliable antivirus program. GridinSoft Anti-Malware is one of the most effective and versatile solutions on the market. It warns about dangerous websites in case you are trying to access them and immediately clears malware, if a successful phishing attack involves infecting its victim’s machine.

The post What is SSL Certificate? appeared first on Gridinsoft Blog.