
OS X 10.11 CardDAV with self-signed certificate

1 vote
2 answers
952 views
The CardDAV server I'm trying to connect to uses a self-signed certificate. Unfortunately I cannot do anything about it. In previous OS X versions, when connecting to this server the system asked if I want to connect using this insecure certificate. I could accept and continue.

When trying the same thing in the current OS X version, this does not work. The Contacts.app only shows a connection issue. When looking into the logs in Console, I could find this error:

```
02/12/15 00:55:39,637 Contacts: [CardDAVPlugin-ERROR] -getPrincipalInfo:[_controller discoverServer https://user@host:port(null)] Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={
    _kCFStreamErrorCodeKey=-9801,
    NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?
}
```

No alert, no asking for proceeding anyways.

Now I thought I might be able to download the certificate, add it to the keychain and set the default trust to "Always Trust".

```
echo -n | openssl s_client -connect host:port | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > carddav.cer
```

Got the certificate, added it to the keychain, set the trust and tried again – bummer: Same error again and still no confirmation dialog.

Now my question is: Is there any way to allow Contacts.app to connect to my server or to bring back the confirmation dialog?
**EDIT** As requested, here are my SSL connection details:

```
CONNECTED(00000003)
depth=0 CN = , O = , OU = , ST = , C = , L = , emailAddress =
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = , O = , OU = , ST = , C = , L = , emailAddress =
verify return:1
---
Certificate chain
 0 s:/CN=/O=/OU=/ST=/C=/L=/emailAddress=
   i:/CN=/O=/OU=/ST=/C=/L=/emailAddress=
---
Server certificate
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
subject=/CN=/O=/OU=/ST=/C=/L=/emailAddress=
issuer=/CN=/O=/OU=/ST=/C=/L=/emailAddress=
---
No client certificate CA names sent
---
SSL handshake has read 1198 bytes and written 658 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES256-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1449069604
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
DONE
```
Asked by Julian F. Weinert (160 rep)
Dec 2, 2015, 12:27 AM
Last activity: Aug 1, 2021, 09:47 AM
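
Added example (not part of the original question): a shell helper that reduces `openssl s_client` output like the dump in the question to the negotiated protocol, cipher, key size and verify code, so a certificate-trust problem (verify code 18) can be told apart from a protocol-level one. The function names and the embedded sample, which is constructed and modelled on the output in the post, are assumptions for illustration.

```shell
#!/bin/sh
# Added example: reduce `openssl s_client` output (stdin) to the facts that
# matter for triage, then print one "finding:" line per issue.
# Live use: echo | openssl s_client -connect host:port 2>/dev/null | triage_s_client
triage_s_client() {
    awk '
        /^[ \t]*Protocol[ \t]*:/      { proto  = $NF }
        /^[ \t]*Cipher[ \t]*:/        { cipher = $NF }
        /^Server public key is/       { bits   = $5 }
        /^[ \t]*Verify return code:/  { code   = $4 }
        END {
            printf "protocol=%s cipher=%s key_bits=%s verify=%s\n",
                   proto, cipher, bits, code
            # SSLv2/SSLv3 are obsolete; modern TLS clients may refuse them.
            if (proto ~ /^SSLv[23]$/)
                print "finding: legacy protocol " proto " negotiated (SSLv3 is deprecated by RFC 7568)"
            # 18 = self-signed leaf, 19 = self-signed certificate in the chain.
            if (code == 18 || code == 19)
                print "finding: self-signed certificate; the client has to trust it explicitly"
            if (bits != "" && bits + 0 < 2048)
                print "finding: server key shorter than 2048 bits"
        }'
}

# Constructed sample, shortened from the s_client output in the question.
sample_output() {
    cat <<'EOF'
verify error:num=18:self signed certificate
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES256-SHA
    Verify return code: 18 (self signed certificate)
EOF
}

sample_output | triage_s_client
```
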