Bug 843689 – Can no longer access Skynet using Safari on OSX or iOS

Bug 843689 - Can no longer access Skynet using Safari on OSX or iOS

Summary:	Can no longer access Skynet using Safari on OSX or iOS

Status:	CLOSED CURRENTRELEASE

Aliases:	None

Product:	PressGang CCMS
Classification:	Community
Component:	Web-UI (Show other bugs)
Sub Component:
Version:	1.x
Hardware:	Unspecified Unspecified

Priority	unspecified Severity unspecified
Target Milestone:	---
Target Release:	---
Assigned To:	Lee Newson
QA Contact:
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2012-07-27 00:12 EDT by Dana Mison
Modified:	2012-08-20 20:52 EDT (History)
CC List:	2 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2012-07-29 20:23:31 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Dana Mison 2012-07-27 00:12:15 EDT

After using Safari to access Skynet on OSX (10.7) for around a year, I upgraded to OSX 10.8 yesterday and found I could no longer access the site. I wasn't regularly using skynet via safari on iOS but I did check that it worked at one point in the past year (probably over 6 months ago), but it also isn't working now
either.

It seems related to the SSL certificate or configuration on the skynet.usersys server. If it is a Safari 6 bug (quite possible) then it is specific to the setup on that server.

I have tested this with the following sites tested that all have self-signed certificates:

* https://skynet.usersys.redhat.com:8443/TopicIndex
* https://skynet-dev.usersys.redhat.com:8443/TopicIndex
* https://presentations.cloud.lab.eng.bne.redhat.com

# Safari 5.1.7 - OSX Lion (10.7.4)

They all work (ie. they do the "hey these look dodgy, do you trust them?" confirmation ) and then the site works

# Safari 6.0 - OSX Mountain Lion (10.8)

https://skynet.usersys.redhat.com does not work at all. When I try to access it I just get the error message

'Safari can't open the page "https://skynet.usersys.redhat.com:8443/TopicIndex/" because Safari can't establish a secure connection to the server 'skynet.usersys.redhat.com'."

The other two sites work fine, as do sites with properly signed SSL certs

# Mobile Safari - iOS 5.5.1 and 6.0 Beta3

Same results as Safari 6 on Mountain Lion

Note that these sites all function correctly on OSX Mountain Lion (10.8) with Chrome 20.0.1132.57 and Firefox 14.0.1. The problem seems isolated to Safari 6 & iOS. And only the certificate or setup on the skynet.usersys server, skynet-dev.usersys is fine.

Note: I have deleted certificates and reset and rebooted and tried different user accounts to test this in 10.8.

Comment 1 Lee Newson 2012-07-27 00:45:26 EDT

Found the issue the default signing algorithm for the Java Keytool is OID. However it looks like Safari either has a bug or doesn't support keys signed using that algorithm.

I'll recreate the certificate using RSA as the signing algorithm as I've talked to Darrin and confirmed that works.

Comment 2 Lee Newson 2012-07-27 00:49:51 EDT

Oops the current signing method was SHA1 DSA sorry. I just looked into the OID number and found that is an identifier to identify different hashing algorithms.

Comment 3 Lee Newson 2012-07-29 17:08:17 EDT

I updated the certificate this morning so you shouldn't have any issues accessing skynet anymore.

Comment 4 Dana Mison 2012-07-29 20:17:44 EDT

Confirmed working on Safari6/OSX10.8 & iOS 5.5.1

Thanks for the quick turnaround :-)

Note You need to log in before you can comment on or make changes to this bug.