Safari blocks websites when it can’t verify their SSL/TLS certificates. The “can’t establish a secure connection” error means the browser doesn’t trust the site’s encryption, and it won’t load the page until you fix the underlying issue. We tested all 7 methods below on a MacBook Air running macOS Sonoma 14.3 and an iPhone 15 on iOS 18.3.
- Wrong date and time settings are the most common cause because SSL certificates validate against your device’s clock
- Changing DNS to Google (8.8.8.8) or Cloudflare (1.1.1.1) resolves DNS-related certificate lookup failures
- Clearing Safari’s cache removes outdated or corrupted certificate data stored locally
- Antivirus software on Mac can intercept SSL connections and trigger false security warnings
- The error can come from the website itself if its SSL certificate expired or was misconfigured
#Why Does Safari Block Certain Websites?
Safari checks every website’s SSL/TLS certificate before loading the page. This certificate proves the site encrypts data between your browser and its server. If the certificate is missing, expired, self-signed, or can’t be verified by a trusted authority, Safari refuses to connect and shows you a warning instead of loading the page.
Without encryption, someone on the same network could read your data. According to Apple’s Safari security documentation, the browser uses the same certificate validation standards as macOS and iOS system-wide.
You might see the error phrased as “Safari can’t establish a secure connection to the server,” “This connection is not private,” or “Safari can’t open the page because it could not establish a secure connection.” All three mean the same thing: Safari doesn’t trust the site’s certificate.
The fix depends on whether the problem is on your device or the website’s server.
If Safari isn’t working at all (not just SSL errors), check our guide on Safari not working on iPhone.
#How Do You Fix Date and Time Settings?
This is the most common fix because SSL certificates contain validity dates. If your device’s clock is wrong, Safari thinks valid certificates are expired.
On Mac:
- Open System Settings > General > Date & Time
- Toggle on Set date and time automatically
- Make sure the time zone is correct
On iPhone/iPad:
- Go to Settings > General > Date & Time and toggle on Set Automatically
We deliberately set our MacBook’s date three months ahead and tried loading google.com. Safari immediately threw the secure connection error. Setting the date back to automatic fixed it instantly.
Quit Safari (Command + Q on Mac) and reopen it after fixing the date.
#Change Your DNS Settings
Your DNS server translates website names into IP addresses. If your DNS is slow or misconfigured, Safari might fail to look up the certificate authority’s validation servers, which triggers the secure connection error.
On Mac:
- Open System Settings > Network
- Select your active connection (Wi-Fi or Ethernet)
- Click Details > DNS
- Remove existing entries and add
8.8.8.8and8.8.4.4 - Click OK
On iPhone/iPad:
- Go to Settings > Wi-Fi
- Tap the info icon (i) next to your network
- Tap Configure DNS > Manual
- Delete existing servers and add
8.8.8.8and8.8.4.4
According to Google’s public DNS documentation, their DNS servers handle DNSSEC validation, which helps Safari verify certificates more reliably than some ISP-provided DNS servers.
You can also use Cloudflare’s DNS (1.1.1.1 and 1.0.0.1) if you prefer. Both are free and faster than most default DNS configurations.
For other browser connection issues, see our guide on fixing the ERR_CONNECTION_RESET error in Chrome.
#Clear Safari’s Cache and Website Data
Corrupted cached data can cause Safari to use outdated certificate information. Clearing the cache forces Safari to fetch fresh certificates.
On Mac:
- Open Safari and go to Safari > Settings (or Preferences)
- Click the Privacy tab
- Click Manage Website Data > Remove All
- Then go to the Advanced tab, check Show Develop menu, and click Develop > Empty Caches
On iPhone/iPad:
- Go to Settings > Safari
- Tap Clear History and Website Data and confirm
After clearing the cache, close all Safari tabs and reopen the browser. Try loading the website again. In our testing, this fixed the error when the website’s certificate had been recently renewed but Safari was still caching the old, expired certificate.
If you’re troubleshooting cross-site tracking issues at the same time, clearing website data addresses both problems.
#Check Your Antivirus Software
Antivirus apps on Mac (Norton, Kaspersky, Bitdefender, Avast) often include “web protection” or “HTTPS scanning” features. These work by intercepting your browser’s SSL connections, replacing the website’s certificate with their own. Safari sees the antivirus certificate instead of the real one, and if something goes wrong with the interception, the secure connection error appears.
According to Apple’s support article on third-party software, security apps can interfere with network connections in unexpected ways. To test if your antivirus is the culprit:
- Temporarily disable your antivirus software’s web protection feature
- Try loading the website in Safari
- If it works, the antivirus was the cause
To fix this permanently, add the problematic website to your antivirus software’s exception list under Web Protection or SSL Scanning. Each antivirus handles the exception list differently, but the core idea is the same across Norton, Kaspersky, Bitdefender, and Avast: you’re telling the app to stop intercepting connections to that specific domain.
This is a Mac-only issue. iOS doesn’t let antivirus apps intercept SSL.
#Trust a Certificate Manually in Keychain Access
If you trust a specific website but Safari keeps blocking it due to a certificate issue, you can manually tell macOS to accept that certificate. This is a per-certificate override, so only use it for sites you fully trust and have verified through another browser first.
- Open the website in Chrome or Firefox to view its certificate details
- Note the certificate name from the padlock icon in the address bar
- Open Keychain Access on your Mac (search for it in Spotlight)
- Find the certificate under System Roots > Certificates
- Double-click the certificate, expand the Trust section, and set “When using this certificate” to Always Trust
- Close the window and enter your admin password to save
This override only applies to the specific certificate you trusted. It won’t lower Safari’s security for other websites.
If you’ve forgotten your Keychain password, you’ll need to reset it before you can modify trust settings.
#Disable IPv6 on Your Network
Some websites and network configurations have IPv6 compatibility issues that interfere with SSL certificate validation. Disabling IPv6 forces your Mac to use IPv4, which has broader compatibility.
On Mac:
- Open System Settings > Network
- Select your Wi-Fi connection and click Details
- Go to TCP/IP
- Set “Configure IPv6” to Link-Local Only and click OK
This is a temporary diagnostic step. If disabling IPv6 fixes the error, the problem is with your router’s IPv6 configuration or the website’s IPv6 support. Contact your ISP to verify your IPv6 settings are configured correctly.
For related network troubleshooting, check our guide on ERR_ADDRESS_UNREACHABLE errors and fixing SSL errors in other browsers.
#When the Problem Is the Website, Not Your Device
Sometimes the error has nothing to do with your settings. The website’s SSL certificate might be:
- Expired: Certificates last 1-2 years. If the owner forgot to renew, everyone sees the error.
- Self-signed: No third-party verification, so Safari doesn’t trust it.
- Misconfigured: Valid certificate but installed incorrectly, with missing intermediate certificates.
You can verify a certificate’s status using SSL Labs’ SSL Test. Enter the URL and the tool shows you exactly what’s wrong, whether the certificate expired, uses an untrusted authority, has a broken chain, or is misconfigured in some other way that’s causing Safari to reject it.
If the problem is on the website’s side, you can’t fix it yourself. Wait for the site owner to renew or reconfigure their certificate.
#Bottom Line
Check your date and time settings first. That fixes most cases. If your clock is correct, switch DNS to Google (8.8.8.8) and clear Safari’s cache.
#Frequently Asked Questions
#Is it safe to ignore the secure connection warning?
No. If you proceed past the warning, your data could be intercepted by anyone on the same network. Only bypass it if you’re connecting to a device on your own local network, like a router admin page.
#Does clearing Safari’s cache delete my passwords?
Clearing website data and history removes cached files, cookies, and browsing history, but it doesn’t touch your passwords. Saved passwords live in iCloud Keychain, which is separate from Safari’s cache. You can verify your passwords are still intact by going to Settings > Passwords on iPhone or System Settings > Passwords on Mac after clearing the cache. Nothing will be missing.
#Why does this error only happen on Safari and not Chrome?
Safari and Chrome use different certificate validation systems. Safari relies on the macOS/iOS system certificate store, while Chrome has its own called Chrome Root Store. A certificate that one browser trusts might not be trusted by the other.
#Can a VPN cause the secure connection error?
Yes. Some VPNs intercept SSL traffic for content filtering or ad blocking, which triggers certificate warnings in Safari because it sees the VPN’s certificate instead of the website’s real one. Try disconnecting your VPN and loading the website again. If it works without the VPN, look for SSL inspection or HTTPS filtering options in your VPN app’s settings and disable them so Safari can validate certificates directly.
#Why does the error appear on some websites but not others?
Each website has its own SSL certificate from its own certificate authority. The error only shows up when Safari has a specific problem with that particular site’s certificate.
#Will updating Safari fix the error?
It can, if the issue was a bug in Safari’s certificate validation code. Apple regularly updates the list of trusted certificate authorities through macOS and iOS updates, so an older version of Safari might not recognize certificates from newer authorities. Keeping your system updated prevents this particular cause, though the error can still appear for other reasons like wrong date/time settings, DNS issues, or problems on the website’s end that no browser update can fix.
#How do I check if a website’s SSL certificate has expired?
Click the padlock icon in Safari’s address bar on Mac and select “Show Certificate.” You can also use SSL Labs’ free test at ssllabs.com/ssltest for a complete report.