This article provides how to resolve the connection error with Safari on Mac OS X/iOS with HTML5 Access.

With HTML5 access configured, Mac OS X/iOS users with Safari are prompted with "Connection Error: An internal error with Guacamole server, and the connection has been terminated"

This issue occurs due to the device certificate on the PCS device is not trusted by Safari.  In the Mac OS X console logs, you will see the following error message:
 

12/31/15 6:19:58.064 PM com.apple.WebKit.WebContent[68268]: CFNetwork SSLHandshake failed (-9807)

To resolve this issue, ensure to install the root certificate (via keychain access) that signs the device certificate.  If the device certificate is a self-signed certificate, perform the following steps to trust the self signed certificate on MacOS.

Note: The following steps do not apply to iOS devices.  To resolve this issue for iOS devices, please refer to the iOS device section.

macOS:

1. Connect to the PCS device via Safari
2. During the initial connection, Safari will prompt the message "Safari can't verify the identify of the website "<website_address>"

3. Click Show Certificates
4. Select the checkbox Always trust "<website_address>" when connecting to "<website_address>"

5. Click Continue
6. A prompt for admin credentials will appear.  Enter the proper credentials and click Update Settings.

Once this is complete, retry the connection again.

iOS Devices:

For iOS, all HTML5 web socket connections must by from trusted certificate.  Since the device is making a secure connection to the Pulse Connect Secure device, the device certificate must be signed from a trusted certificate authority (public or private ca).  If iOS consider the certificate as trusted, the following error message will appear in the device console logs:

Feb 11 12:02:06 securityd[96] <Error>:  secTaskDiagnoseEntitlements 
MISSING keychain entitlements: no stored taskRef found
Feb 11 12:02:06 com.apple.WebKit.WebContent[527] <Error>:  SecTrustEvaluate  
[root AnchorTrusted]

To confirm this issue, perform the following steps:

1. Download and open Xcode on Mac OS X
2. Using a lighting cable, connect an iOS device to the Mac OS X.
3. From the menu bar, click Window > Devices.
4. From the left pane, under Devices, click on the iOS device.
5. From the bottom pane, replicate the issue and confirm the log message above.

To resolve this issue, please install a device certificate signed by a public CA (certificate authority) with all intermediate certificates on the PCS device.  For installation instructions, please refer to KB22288 - [PCS] How to install a certificate on a Pulse Connect Secure Access gateway.

Note:  It is possible to use a private CA or self-signed certificate to resolve this issue, but the private CA or self-signed certificate would need to be manually installed on every iOS device.  Additionally, end users will need to manually trust the root certificate for iOS device running 10.3.1 and above.  For further instructions, refer to KB40606 - Private or local CA already installed and receiving untrusted certificate warning when connecting to Pulse Connect Secure (PCS) device with iOS 10.3.1 and above.

This is not recommended for production devices as this solution is not scalable.