Bug 843689 - Can no longer access Skynet using Safari on OSX or iOS
Can no longer access Skynet using Safari on OSX or iOS
Product: PressGang CCMS
Classification: Community
Component: Web-UI (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Lee Newson
Depends On:
  Show dependency treegraph
Reported: 2012-07-27 00:12 EDT by Dana Mison
Modified: 2012-08-20 20:52 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-07-29 20:23:31 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Dana Mison 2012-07-27 00:12:15 EDT
After using Safari to access Skynet on OSX (10.7) for around a year, I upgraded to OSX 10.8 yesterday and found I could no longer access the site.  I wasn't regularly using skynet via safari on iOS but I did check that it worked at one point in the past year (probably over 6 months ago), but it also isn't working now 

It seems related to the SSL certificate or configuration on the skynet.usersys server.  If it is a Safari 6 bug (quite possible) then it is specific to the setup on that server.

I have tested this with the following sites tested that all have self-signed certificates:

* https://skynet.usersys.redhat.com:8443/TopicIndex
* https://skynet-dev.usersys.redhat.com:8443/TopicIndex
* https://presentations.cloud.lab.eng.bne.redhat.com

# Safari 5.1.7 - OSX Lion (10.7.4)
They all work (ie. they do the "hey these look dodgy, do you trust them?" confirmation ) and then the site works 
# Safari 6.0 - OSX Mountain Lion (10.8)
https://skynet.usersys.redhat.com does not work at all.  When I try to access it I just get the error message 

'Safari can't open the page "https://skynet.usersys.redhat.com:8443/TopicIndex/" because Safari can't establish a secure connection to the server 'skynet.usersys.redhat.com'."

The other two sites work fine, as do sites with properly signed SSL certs

# Mobile Safari - iOS 5.5.1 and 6.0 Beta3

Same results as Safari 6 on Mountain Lion

Note that these sites all function correctly on OSX Mountain Lion (10.8) with Chrome 20.0.1132.57 and Firefox 14.0.1. The problem seems isolated to Safari 6 & iOS.  And only the certificate or setup on the skynet.usersys server, skynet-dev.usersys is fine.

Note: I have deleted certificates and reset and rebooted and tried different user accounts to test this in 10.8.
Comment 1 Lee Newson 2012-07-27 00:45:26 EDT
Found the issue the default signing algorithm for the Java Keytool is OID. However it looks like Safari either has a bug or doesn't support keys signed using that algorithm.

I'll recreate the certificate using RSA as the signing algorithm as I've talked to Darrin and confirmed that works.
Comment 2 Lee Newson 2012-07-27 00:49:51 EDT
Oops the current signing method was SHA1 DSA sorry. I just looked into the OID number and found that is an identifier to identify different hashing algorithms.
Comment 3 Lee Newson 2012-07-29 17:08:17 EDT
I updated the certificate this morning so you shouldn't have any issues accessing skynet anymore.
Comment 4 Dana Mison 2012-07-29 20:17:44 EDT
Confirmed working on Safari6/OSX10.8 & iOS 5.5.1

Thanks for the quick turnaround :-)

Note You need to log in before you can comment on or make changes to this bug.