Bug 843689 - Can no longer access Skynet using Safari on OSX or iOS
Summary: Can no longer access Skynet using Safari on OSX or iOS
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: PressGang CCMS
Classification: Community
Component: Web-UI
Version: 1.x
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: Lee Newson
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-07-27 04:12 UTC by Dana Mison
Modified: 2012-08-21 00:52 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2012-07-30 00:23:31 UTC
Embargoed:


Attachments (Terms of Use)

Description Dana Mison 2012-07-27 04:12:15 UTC
After using Safari to access Skynet on OSX (10.7) for around a year, I upgraded to OSX 10.8 yesterday and found I could no longer access the site.  I wasn't regularly using skynet via safari on iOS but I did check that it worked at one point in the past year (probably over 6 months ago), but it also isn't working now 
either.

It seems related to the SSL certificate or configuration on the skynet.usersys server.  If it is a Safari 6 bug (quite possible) then it is specific to the setup on that server.

I have tested this with the following sites tested that all have self-signed certificates:

* https://skynet.usersys.redhat.com:8443/TopicIndex
* https://skynet-dev.usersys.redhat.com:8443/TopicIndex
* https://presentations.cloud.lab.eng.bne.redhat.com

# Safari 5.1.7 - OSX Lion (10.7.4)
 
They all work (ie. they do the "hey these look dodgy, do you trust them?" confirmation ) and then the site works 
 
# Safari 6.0 - OSX Mountain Lion (10.8)
 
https://skynet.usersys.redhat.com does not work at all.  When I try to access it I just get the error message 

'Safari can't open the page "https://skynet.usersys.redhat.com:8443/TopicIndex/" because Safari can't establish a secure connection to the server 'skynet.usersys.redhat.com'."

The other two sites work fine, as do sites with properly signed SSL certs

# Mobile Safari - iOS 5.5.1 and 6.0 Beta3

Same results as Safari 6 on Mountain Lion

Note that these sites all function correctly on OSX Mountain Lion (10.8) with Chrome 20.0.1132.57 and Firefox 14.0.1. The problem seems isolated to Safari 6 & iOS.  And only the certificate or setup on the skynet.usersys server, skynet-dev.usersys is fine.

Note: I have deleted certificates and reset and rebooted and tried different user accounts to test this in 10.8.

Comment 1 Lee Newson 2012-07-27 04:45:26 UTC
Found the issue the default signing algorithm for the Java Keytool is OID. However it looks like Safari either has a bug or doesn't support keys signed using that algorithm.

I'll recreate the certificate using RSA as the signing algorithm as I've talked to Darrin and confirmed that works.

Comment 2 Lee Newson 2012-07-27 04:49:51 UTC
Oops the current signing method was SHA1 DSA sorry. I just looked into the OID number and found that is an identifier to identify different hashing algorithms.

Comment 3 Lee Newson 2012-07-29 21:08:17 UTC
I updated the certificate this morning so you shouldn't have any issues accessing skynet anymore.

Comment 4 Dana Mison 2012-07-30 00:17:44 UTC
Confirmed working on Safari6/OSX10.8 & iOS 5.5.1

Thanks for the quick turnaround :-)


Note You need to log in before you can comment on or make changes to this bug.