HTTPS Connection Issues in Safari with AWS EC2 and Load Balancer: Protocol Error (NSPOSIXErrorDomain:100) Fix


Recently, I encountered a frustrating issue where my website worked perfectly in Chrome but failed to load in Safari with the error:

"Safari can't open the page. The error is "The operation couldn't be completed. Protocol error" (NSPOSIXErrorDomain:100)"

The setup includes:

  • AWS EC2 instance running Apache
  • Wildfly application server
  • ELB (Elastic Load Balancer) terminating HTTPS

First, I checked the standard logs:

tail -f /etc/httpd/logs/error_log
tail -f /etc/httpd/logs/access_log

Surprisingly, nothing appeared in these logs when the Safari error occurred. The Safari developer console also didn't provide any useful information beyond the generic protocol error.

After some research, I realized Safari has stricter requirements for HTTPS connections than Chrome. The key areas to investigate:

  1. SSL certificate chain completeness
  2. TLS protocol versions supported
  3. Cipher suite compatibility

I used OpenSSL to test the configuration:

openssl s_client -connect test.papereed.com:443 -servername test.papereed.com -showcerts

The root cause was an incomplete certificate chain. While Chrome is forgiving about this, Safari strictly requires the full chain. Here's how I fixed it in Apache:

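# In your SSL configuration file (e.g., ssl.conf)
SSLCertificateFile /path/to/your_domain_name.crt
SSLCertificateKeyFile /path/to/your_private.key
# SSLCertificateChainFile is deprecated since Apache 2.4.8; on newer versions,
# append the intermediate certificates to the SSLCertificateFile file instead
SSLCertificateChainFile /path/to/IntermediateCA.crt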

For AWS Load Balancer users, ensure you include all intermediate certificates when uploading your SSL certificate to ACM.
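
To check mechanically which chain a server actually sends, the output of the `openssl s_client -showcerts` command shown above can be parsed. The script below is an added example, not part of the original post; the function name `check_chain` and the hostnames and CA names in the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads `openssl s_client -showcerts`
# output on stdin and prints "<verdict> certs=<n> verify=<code>".
# Verdicts: complete | incomplete | misordered | unknown. Exit 0 only if complete.
check_chain() {
    awk '
        BEGIN { n = 0 }
        /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj[n] = $0; next }  # subject of entry n
        /^ +i:/        { sub(/^ +i:/, ""); iss[n++] = $0; next }        # issuer closes entry n
        /Verify return code:/ { code = $4 + 0; seen = 1 }               # last one wins
        END {
            verdict = "unknown"
            if (n > 0 && seen && code == 0) verdict = "complete"
            # 20 and 21: OpenSSL found no issuer for a certificate it was sent
            if (code == 20 || code == 21) verdict = "incomplete"
            # each certificate must be issued by the one listed after it
            for (i = 0; i + 1 < n; i++)
                if (iss[i] != subj[i + 1]) verdict = "misordered"
            printf "%s certs=%d verify=%s\n", verdict, n, (seen ? code : "none")
            exit (verdict == "complete" ? 0 : 1)
        }'
}

# Constructed sample: only the leaf is sent (the failure this post describes).
sample_leaf_only() {
    cat <<'EOF'
Certificate chain
 0 s:CN = www.example.test
   i:C = US, O = Example CA, CN = Example Intermediate R1
    Verify return code: 21 (unable to verify the first certificate)
EOF
}

# Constructed sample: leaf followed by the intermediate that issued it.
sample_full_chain() {
    cat <<'EOF'
Certificate chain
 0 s:CN = www.example.test
   i:C = US, O = Example CA, CN = Example Intermediate R1
 1 s:C = US, O = Example CA, CN = Example Intermediate R1
   i:C = US, O = Example CA, CN = Example Root X1
    Verify return code: 0 (ok)
EOF
}

sample_leaf_only | check_chain    # incomplete certs=1 verify=21
sample_full_chain | check_chain   # complete certs=2 verify=0
# Live use: openssl s_client -connect HOST:443 -servername HOST -showcerts </dev/null 2>/dev/null | check_chain
```

The verify code reflects the trust store of the machine running OpenSSL, so run the live check from a host whose CA bundle is current.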

These settings helped ensure broader browser compatibility:

# Note: "all -SSLv2 -SSLv3" still leaves TLS 1.0 and TLS 1.1 enabled
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES
SSLHonorCipherOrder on

After making these changes, I used SSL Labs' test tool to verify:

https://www.ssllabs.com/ssltest/analyze.html?d=test.papereed.com

The test confirmed the certificate chain was now complete and the configuration was Safari-compatible.

This experience taught me that while Chrome's leniency makes development easier, we must always test in Safari (especially on macOS and iOS) to ensure proper HTTPS functionality. The key takeaways:

  • Always include the full certificate chain
  • Use modern TLS protocols and secure cipher suites
  • Test with multiple browsers and tools like SSL Labs

When your HTTPS site works flawlessly in Chrome but fails spectacularly in Safari with the cryptic "Protocol error" (NSPOSIXErrorDomain:100), you're facing one of those browser-specific quirks that makes web development so... interesting. Here's how I diagnosed and fixed this in my AWS infrastructure.

Environment details:

  • AWS EC2 (Amazon Linux 2)
  • Apache 2.4 as reverse proxy
  • WildFly 26 as application server
  • Application Load Balancer with HTTPS termination
  • Let's Encrypt certificate

Start with these essential checks:

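# Inspect the certificate the server presents (x509 parses only the first, leaf certificate;
# add -showcerts to s_client to list every certificate the server sends)
openssl s_client -connect test.papereed.com:443 -servername test.papereed.com </dev/null | openssl x509 -text -noout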

# Check TLS protocols
nmap --script ssl-enum-ciphers -p 443 test.papereed.com

Safari is particularly strict about:

  • TLS protocol version negotiation
  • Certificate chain completeness
  • SNI (Server Name Indication) handling
  • HTTP/2 compatibility

Essential Apache SSL configuration adjustments:

<IfModule mod_ssl.c>
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!CAMELLIA:!DES
    SSLHonorCipherOrder on
    SSLCompression off
    SSLSessionTickets off
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
</IfModule>

For AWS ALB listeners, ensure:

  • Security policy includes TLS 1.2 (ELBSecurityPolicy-TLS13-1-2-2021-06 is recommended)
  • HTTPS listener forwards proper headers (especially X-Forwarded-Proto)
  • Health checks are passing for both HTTP and HTTPS

Essential testing commands:

# Test from macOS terminal
curl -Iv https://test.papereed.com

# SSL Labs test
https://www.ssllabs.com/ssltest/analyze.html?d=test.papereed.com

# Safari developer tools
Develop → Show Web Inspector → Console

If the issue persists:

  1. Try a different certificate provider (sometimes Safari distrusts certain CAs)
  2. Test with Safari Technology Preview
  3. Check for macOS system updates affecting TLS
  4. Verify no Content Security Policy headers are blocking resources