
Safari could not establish secure connection to my localhost


I was using maven+grizzly+jersey to start my own server. I created a self-signed certificate so that my server can support https. In case you are curious, the following is how I generated my certificate:

keytool -genkey -keystore ./keystore_server -alias serverKey -dname "CN=localhost, OU=Jersey, O=Sun Microsystem, L=Prague, ST=Czech Republic, C=CZ"
keytool -export -alias serverKey -rfc -keystore ./keystore_server > ./server.cert

I was testing this on my iMac (running Mavericks). Now, I added the server.cert to the system keychain so that all users can trust this certificate. Also, I changed the trust level to "Always Trust".

I got this to work in Chrome and Firefox. They asked me to add an exception for this certificate; I did, and then everything went fine. However, I have never made Safari (7.0) happy. I always get the error saying that Safari cannot establish a secure connection to my localhost.

Does anyone have any idea why this happened? Or is there a better way to debug this problem, so that I will be able to tell at which step things go wrong?

Thank you in advance. I really appreciate it.


Solution

    openssl x509 -in server.cert -inform PEM -text -noout

    Here is what my certificate looks like...

    Safari does not provide DSS support (see the Wireshark capture below), even though it is required per RFC 2246, Section 9:

    9. Mandatory Cipher Suites
    
       In the absence of an application profile standard specifying
       otherwise, a TLS compliant application MUST implement the cipher
       suite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA.
    

    Another problem you might have is with SecureTransport's implementation of ECDHE_ECDSA_*. It's broken for some versions of OS X and iOS. See [openssl.org #3068] [PATCH] Safari broken ECDHE-ECDSA workaround and Apple are, apparently, dicks... from the OpenSSL developer mailing list.


    [Wireshark capture]
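As an added example (not code from the question or the answer), a small POSIX shell check that reads the dump printed by openssl x509 -text and flags a DSA key, which is why DSS suites come up at all: keytool -genkey on older JDKs defaults to a DSA key unless -keyalg RSA is given. The two certificate dumps are constructed excerpts; the keystore path and alias are taken from the question, the rest of the keytool command is my suggestion.

```shell
#!/bin/sh
# Added example, not code from the question or answer. Reads the text dump that
# "openssl x509 -in server.cert -inform PEM -text -noout" prints and reports whether
# the key is DSA, which Safari cannot negotiate because it offers no DSS cipher suites.

# Print the "Public Key Algorithm" value from an openssl x509 -text dump on stdin.
key_algorithm() {
    sed -n 's/^[[:space:]]*Public Key Algorithm:[[:space:]]*//p' | head -n 1
}

# Exit 0 for a key Safari can negotiate, 1 for DSA, 2 if no algorithm line is present.
safari_compatible() {
    alg=$(key_algorithm)
    case "$alg" in
        "")                   return 2 ;;
        dsaEncryption|DSA*)   return 1 ;;
        *)                    return 0 ;;
    esac
}

# Constructed excerpt: what a default keytool -genkey certificate (DSA key) looks like.
DSA_DUMP='Certificate:
    Data:
        Signature Algorithm: dsaWithSHA1
        Subject: C=CZ, ST=Czech Republic, L=Prague, O=Sun Microsystem, OU=Jersey, CN=localhost
        Subject Public Key Info:
            Public Key Algorithm: dsaEncryption
    Signature Algorithm: dsaWithSHA1'

# Constructed excerpt: the same certificate regenerated with an RSA key.
RSA_DUMP='Certificate:
    Data:
        Signature Algorithm: sha256WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption'

# Report on one dump and, for a DSA key, print a keytool command that avoids it.
report() {
    alg=$(printf '%s\n' "$1" | key_algorithm)
    if printf '%s\n' "$1" | safari_compatible; then
        echo "Public Key Algorithm $alg: Safari can negotiate this key"
    else
        echo "Public Key Algorithm $alg: Safari offers no DSS cipher suites, regenerate with RSA:"
        echo '  keytool -genkeypair -keyalg RSA -keysize 2048 -sigalg SHA256withRSA \'
        echo '    -keystore ./keystore_server -alias serverKey -dname "CN=localhost"'
    fi
}

report "$DSA_DUMP"
report "$RSA_DUMP"
```

Pipe real output into the functions instead of the constructed dumps, e.g. `openssl x509 -in server.cert -inform PEM -text -noout | safari_compatible`.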