Fixing an old Digicert issue

Instructions for clearing expired DigiCert SSL certificate on OSX

Problem:
* Visiting several sites, such as github, gravatar, twitter’s CDN results in “invalid certificate” errors
Instructions
  1. Launching Keychain Access via Spotlight
    • ⌘-Space
    • Type “Keychain Access”
    • Hit return
  2. Ensure that expired certificates are visible by selecting”Show Expired Certificates” from the View menu
  3. Search for “Digicert”.
  4. Right-click the certificate with a red X and select “Delete DigiCert High Assurance EV Root CA”
  5. The certificate may not look removed until Keychain Access is restarted
  6. Restart your browsers
  7. If problems persist, confirming your OS is up to date may help.
You should once again be able to access the affected sites.

 

expired-cert

Removing an old Expired Certificate

Instructions and screenshots courtesy of Allen Hancock of Watchman Monitoring and Aaron Graves of WeSpire

13 thoughts on “Fixing an old Digicert issue

  1. I had the same issue but deleting the cert did not fix the issue. I also reset my keychain, which failed to fix the issue. In the end, it seems the cert in question, which was in widespread usage, has been updated (not sure how) via an OSX security update. If you update your OSX with the latest (post 7/26/2014) changes, it may fix the issue. This was the eventual solution for me.

  2. What I think:
    ——–
    iCloud keychain sync makes the problem worse.

    My experience
    ——————
    I had the same problem on a laptop and a desktop, and deleting the expired cert did _not_ help on the laptop. Then did the same on the desktop and it worked!

    In other words, when deleting the bad cert from the laptop – iCloud sync somehow ‘restored’ it back to that machine, so I had to delete it from the machine where I first used it.

  3. I’ve deleted that cert. Rebooted. And some sites now are working. But most of the others now are giving an error on other certs, also by DigiCert. But I can’t see it on the keychain. This is really weird. It didn’t happened before July 26. Do you know how can I fix it?

  4. Pingback: Why won’t OS X trust GitHub’s SSL certificate? | Some SuperUser Questions and Answers

Leave a Reply