Skip to main content

How to fix “Safari can’t establish a secure connection” error on Mac

This article covers effective methods to stop the “Safari can’t establish a secure connection” warning page from appearing in the web browser on Mac.

What is the “Safari can’t establish a secure connection to the server” alert?

Apple has always tried to stay ahead of the security and privacy game through monolithic protection features built into its operating systems. It is probably the most successful across the board in wheedling dubious software out of its official app marketplaces so that the lack of vigilance on the user’s part doesn’t lead to infection or scams. Executing suspicious or crudely coded programs on a Mac is largely a no-go due to rigid Notarization controls which, at the very least, generate extra alerts as users try to open such samples. XProtect, the famous anti-malware instrument, isn’t embodied in a specific UI, but it is constantly on the lookout for applications whose signatures match known attributes of adware, spyware, Trojans, and other mainstream threats. This is only a fraction of Apple’s remarkable defensive modules.

Safari fits this context fully. When a user is trying to load a site that doesn’t follow proper data encryption practices, the browser will display an alert saying it can’t open the page. The reason indicated on this error screen is as follows: “Safari can’t establish a secure connection to the server”. Let’s see what causes this warning and figure out what to do about it.

‘Safari can’t establish a secure connection’ error

The primary reason for this blocking lies in the browser’s countermeasures for the theft of users’ sensitive data as they interact with websites. The use of the Transport Layer Security (TLS) technology, which is an advanced replacement for the better-known Secure Sockets Layer (SSL) protocol, is the gold standard in the present-day Internet ecosystem. It makes a difference because it ensures that all information exchanged between one’s browser and a visited site is end-to-end encrypted. Digital certificates issued by certificate authorities (CAs) serve as proof of proper implementation of this mechanism.

If a malicious actor finds a way to intercept data that’s traveling back and forth between a user and a web page, TLS keeps these details unintelligible and makes them worthless for the third party. This way, things like passwords and personally identifiable information (PII) being entered cannot be mishandled. As is the case with any popular browser, Safari has effective algorithms in place to identify weak encryption or expired digital certificates, let alone instances where certificates are missing. Whenever a person tries to load such a site, the “Safari can’t establish a secure connection to the server” will appear.

However, sometimes the browser blocks users from going to well-known Internet resources as if their privacy techniques were inappropriate. Social networks, trusted news outlets, and other reputable sites may end up being inaccessible all of a sudden. Some people try clearing caches, history, and other website data, to no avail – the error page persists regardless. It turns out that the root causes for this predicament may go beyond crude traffic encryption, and they are often isolated to a specific Mac. Certain DNS server configurations, inconsistencies in the use of the IPv6 protocol, system clock inaccuracies, overprotection by antivirus software, or even buggy Safari activity after another update – all these may become catalysts for the problem. That said, if a specific site is getting the red light from the browser and won’t load because “Safari can’t establish a secure connection” to its server, be sure to try the fixes below.

How to fix “Safari can’t establish a secure connection” error on Mac

The following set of techniques should allow you to bypass the warning page that prevents you from visiting the website:

  1. Specify correct date and time settings
    • Go to System Preferences and select Date & Time.

      Open Date & Time settings

    • Click the padlock icon and enter your admin password to be able to modify these settings. Check if the system clock details are accurate. If they aren’t, enter the correct information.

      Set correct date and time on Mac

    • Also, make sure the Set date and time automatically option is enabled.
  2. Modify your DNS settings
    • Open System Preferences and select Network.

      Go to network settings

    • Click the Advanced button at the bottom right of the window.

      Proceed to advanced network settings

    • Select the DNS tab. Remove all DNS servers listed there by clicking the “minus” sign.
    • Click the “plus” symbol and enter 8.8.8.8 Then, add one more server address, namely 8.8.4.4 These two are Google Publish DNS servers.

      Add new DNS server addresses

    • Click OK to put the changes into effect.
    • Restart Safari and check if the problem has been fixed.
  3. Instruct your Keychain to trust the site’s certificate
    • Open the site using another web browser, for instance, Google Chrome. Click View site information (padlock icon near the URL) and select Certificate.

      Access site information on another browser

    • Take a look at the name of the digital certificate used by the website.

      Determine the certificate name

    • Open Spotlight (the magnifying glass icon in the menu bar) and start typing “Keychain” in the search area. Once the top hits start appearing, select Keychain Access.

      Open Keychain Access

    • Click System Roots, find the certificate of the website you can’t access in Safari, and double-click it.

      Select the certificate

    • Expand the Trust section of the certificate settings. Next to the phrase that says, “When using this certificate”, select Always Trust.

      Set Keychain to always trust the certificate

    • Check if the issue has been resolved.
  4. Temporarily disable IPv6 protocol for your network
    • Open the System Preferences app once again and choose Network.

      Go to network settings

    • Click Advanced.

      Proceed to advanced network settings

    • Hit the TCP/IP tab, locate the Configure IPv6 section, and select Manually as illustrated below.

      Select manual mode of IPv6 operation

    • Try to load the site in Safari.
  5. Make sure the site is on your antivirus tool’s whitelist
    • In some cases, the online security feature of a third-party AV solution may interfere with the normal web surfing routine. If none of the above methods has helped, open the application’s settings and check if there are any restrictions for visiting specific sites. In case you spot a quirk that may potentially block the page, turn it off or modify its functionality to let the URL flow through.
11

Was this article helpful? Please, rate this.

There are no comments yet.
Authentication required

You must log in to post a comment.

Log in