Safari for one user can’t connect to local server via https due to new cert

Tags: keychain, Network, safari, Security

This is similar to Safari can't connect to https, but is just for one single https site.

Safari can't connect to my local NAS' HTTPS site anymore because it "can't establish a secure connection". This is an administrator account, every other newly created account on the system works fine.

This happened after creating multiple different certs for my NAS with alternative names and installing a different one every few days during some testing. After the final certificate was installed on the NAS, I deleted all old certificates from the keychain. Now all alternative names mentioned in an older version result in the above problem, while the newly added alternative names work fine:

  • mynas.local doesn't work (primary cert name)
  • old.mynas.local doesn't work (very first alternative name from early tests)
  • new.mynas.local works fine (new alternative name from last cert generation)

Both work fine on other systems, or with a newly created user.

I tried the following without success:

  • deleting ~/Library/Preferences/com.apple.security.plist as mentioned in the other post above
  • resetting my default keychain

Best Answer

Seems I finally found the solution (after messing so many things up trying other solutions): Using "Internet Accounts" to add a CalDAV account for the server.

As soon as I tried to add a new CalDAV account for "https://old.mynas.local" I got an "untrusted certificate - what should I do" dialog and could successfully trust the new certificate. Then all problems in Safari vanished as well. It seems OSX Internet Accounts uses its very own certificate system and this trusted one of the old certificates due to a CalDAV account previously configured, and thus forbade access to the https server now serving the "wrong" certificate. The creepy thing: the dialog popping up was in English although my OS language is not English.

This solution might even work if one doesn't use CalDAV, because the certificate dialog should pop up as soon as the https connection is established, even before trying to check for DAV functionality.
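Before clicking through trust dialogs, it helps to know exactly which certificate the NAS presents and whether a stale copy of an older one is still sitting in the user's keychains. The script below is an added example, not code from the question or the answer above. It assumes the hostname `mynas.local` on port 443 (`mynas.local:443` is a placeholder), the macOS `security` and `openssl` command-line tools, and that the login and System keychains are the ones searched by `security find-certificate`. The server fetch and keychain lookup need a live Mac and network; the certificate parsing and comparison helpers work on any PEM file offline.

```shell
#!/bin/sh
# Added example: compare the certificate a TLS server presents with any
# copies of it stored in the macOS keychains. Not part of the original post.
# Assumptions: openssl on PATH; `security` (macOS only) for keychain lookups;
# host/port given on the command line ("mynas.local" 443 are placeholders).

# SHA-256 fingerprint of a PEM certificate file, e.g. AB:CD:...:EF
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# DNS names from the subjectAltName extension of a PEM certificate, one per line.
# An older cert for the same CN can carry a different SAN list, which is why
# some names worked and others did not in the question above.
cert_sans() {
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'Subject Alternative Name' | tail -n1 \
    | tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\(.*\)$/\1/p'
}

# Exit 0 when two PEM files hold the same certificate, 1 otherwise.
same_cert() {
  [ "$(cert_fingerprint "$1")" = "$(cert_fingerprint "$2")" ]
}

# Save the leaf certificate a server presents for an SNI name as PEM.
# Requires network access to the host.
fetch_server_cert() {  # host port outfile
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM > "$3"
}

# List every certificate in the searched keychains whose name matches $1 and
# mark each as current (same fingerprint as $2) or stale. macOS only.
keychain_copies() {  # name expected_fingerprint
  d=$(mktemp -d)
  security find-certificate -a -c "$1" -p 2>/dev/null \
    | awk -v d="$d" '/BEGIN CERT/{n++} {print > (d "/" n ".pem")}'
  for f in "$d"/*.pem; do
    [ -f "$f" ] || continue
    fp=$(cert_fingerprint "$f")
    if [ "$fp" = "$2" ]; then
      printf 'current  %s\n' "$fp"
    else
      printf 'STALE    %s  SANs: %s\n' "$fp" "$(cert_sans "$f" | tr '\n' ' ')"
    fi
  done
  rm -rf "$d"
}

# Usage: sh nascheck.sh check mynas.local 443
if [ "${1:-}" = "check" ]; then
  host=${2:-mynas.local}; port=${3:-443}
  srv=$(mktemp)
  fetch_server_cert "$host" "$port" "$srv"
  fp=$(cert_fingerprint "$srv")
  echo "server presents: $fp"
  echo "server SANs:"; cert_sans "$srv" | sed 's/^/  /'
  echo "keychain copies matching $host:"
  keychain_copies "$host" "$fp"
  rm -f "$srv"
fi
```

Any line marked STALE is a certificate for the same name that the server no longer serves; its SAN list shows which hostnames it covered, which lines up with the pattern in the question where names from an older cert failed and names only in the newest cert worked. Deleting the stale entry with `security delete-certificate -Z <fingerprint-sha1>` (or via Keychain Access) and re-trusting the current one is the usual fix; the Internet Accounts trick in the answer is one way to get that trust prompt to appear.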