Red Hat Bugzilla – Bug 843689
Can no longer access Skynet using Safari on OSX or iOS
Last modified: 2012-08-20 20:52:02 EDT
After using Safari to access Skynet on OSX (10.7) for around a year, I upgraded to OSX 10.8 yesterday and found I could no longer access the site. I wasn't regularly using skynet via safari on iOS but I did check that it worked at one point in the past year (probably over 6 months ago), but it also isn't working now
It seems related to the SSL certificate or configuration on the skynet.usersys server. If it is a Safari 6 bug (quite possible) then it is specific to the setup on that server.
I have tested this with the following sites tested that all have self-signed certificates:
# Safari 5.1.7 - OSX Lion (10.7.4)
They all work (ie. they do the "hey these look dodgy, do you trust them?" confirmation ) and then the site works
# Safari 6.0 - OSX Mountain Lion (10.8)
https://skynet.usersys.redhat.com does not work at all. When I try to access it I just get the error message
'Safari can't open the page "https://skynet.usersys.redhat.com:8443/TopicIndex/" because Safari can't establish a secure connection to the server 'skynet.usersys.redhat.com'."
The other two sites work fine, as do sites with properly signed SSL certs
# Mobile Safari - iOS 5.5.1 and 6.0 Beta3
Same results as Safari 6 on Mountain Lion
Note that these sites all function correctly on OSX Mountain Lion (10.8) with Chrome 20.0.1132.57 and Firefox 14.0.1. The problem seems isolated to Safari 6 & iOS. And only the certificate or setup on the skynet.usersys server, skynet-dev.usersys is fine.
Note: I have deleted certificates and reset and rebooted and tried different user accounts to test this in 10.8.
Found the issue the default signing algorithm for the Java Keytool is OID. However it looks like Safari either has a bug or doesn't support keys signed using that algorithm.
I'll recreate the certificate using RSA as the signing algorithm as I've talked to Darrin and confirmed that works.
Oops the current signing method was SHA1 DSA sorry. I just looked into the OID number and found that is an identifier to identify different hashing algorithms.
I updated the certificate this morning so you shouldn't have any issues accessing skynet anymore.
Confirmed working on Safari6/OSX10.8 & iOS 5.5.1
Thanks for the quick turnaround :-)