Chrome Mac - NET::ERR_CERT_AUTHORITY_INVALID

About This Mac: OS X Yosemite 10.10.2 & MacBook Pro (Retina, 15-inch, Early 2013).

While trying to access GitHub (using Google Chrome Version 41.0.2272.43 beta (64-bit)), I'm getting the following error:

NET::ERR_CERT_AUTHORITY_INVALID

I'm able to access the same site using Safari and/or Firefox.


Chrome is reporting that the DigiCert High Assurance EV Root CA root certificate expired in July 2014. This issue can be addressed by following these steps:

  • Manually deleted my local copy of DigiCert High Assurance EV Root CA
    • (open Keychain Access, select keychains:login, select category: certificates, search for DigiCert, right click, delete)
  • Downloaded the real cert(s) from DigiCert Root Certificates - Download & Test | DigiCert.com
    • Root Certificate Authority that the sites use:
      • DigiCert High Assurance EV Root CA
    • Intermediate Certificate Authorities that the sites use:
      • DigiCert SHA2 Extended Validation Server CA
      • DigiCert High Assurance CA-3
  • Added these certs to Keychain Access simply by double-clicking them. If that doesn't work, you can manually import via File > Import.

Use the following link to test it:

DigiCert Root Certificates - Download & Test | DigiCert.com


I was getting this on Mac OS Sierra on a cert for my company.

I fixed it by:

  • Going into Keychain Access.
  • Find the certs for my company:
  • *.COMPANYNAME.com.
  • There were two.
  • Right click > Get Info.
  • Then there are a number of drop-downs with Trust settings.
  • I changed "When using this certificate": it was set to Custom, and I changed it to "Always Trust".

This set all the drop-downs below it to Always Trust.

I opened a company website, SOMESITE.MYCOMPANY.com, and the https error went away.


I had the same problem, just with respect to different sites. It took me some time to go through a number of resources, including:

  • NET::ERR_CERT_AUTHORITY_INVALID with HSTS - Google Product Forums
  • tls - Why is Symantec/Verisign CA appearing as an invalid authority? - Information Security Stack Exchange

Finally, what worked:

  • check which certificates do not work (click on the lock with the red cross, to the left of https),
  • using Keychain Access, remove this key (it is in login, then Certificates),
  • install this certificate (or even a certificate family) from a trusted source,
  • restart Chrome, perhaps; for some sites I had to wait some time (10 min?).

In my case, the problem was with VeriSign Class 3 Primary CA - G5. Then, I downloaded and installed all crt files from https://www.symantec.com/page.jsp?id=roots.
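
An added example, not part of the original posts: a shell helper that lists expired certificates in a keychain, a command-line version of the check the first and last posts do by hand in Keychain Access. The function names and the keychain path in the usage comment are assumptions of this example; `security find-certificate` and `openssl x509 -checkend` are the macOS and OpenSSL commands it relies on.

```shell
#!/bin/sh
# Added example; function names and the keychain path below are assumptions.

# Read a PEM bundle on stdin. For every certificate that has expired (or will
# expire within $1 seconds, default 0) print its subject and notAfter date.
# Exit status: 0 if at least one such certificate was found, 1 if none.
list_expiring() (
  window="${1:-0}"
  found=1
  tmp="$(mktemp)" || exit 2
  while IFS= read -r line; do
    printf '%s\n' "$line" >> "$tmp"
    case "$line" in
      "-----END CERTIFICATE-----"*)
        # Skip blocks that do not parse; -checkend exits non-zero when the
        # certificate's notAfter falls inside the window.
        if openssl x509 -in "$tmp" -noout 2>/dev/null &&
           ! openssl x509 -in "$tmp" -noout -checkend "$window" >/dev/null 2>&1
        then
          openssl x509 -in "$tmp" -noout -subject -enddate
          found=0
        fi
        : > "$tmp"   # start collecting the next certificate
        ;;
    esac
  done
  rm -f "$tmp"
  exit "$found"
)

# macOS wrapper: export every certificate whose name contains $1 from the
# keychain file $2 as PEM and report the expired ones.
scan_keychain() {
  security find-certificate -a -c "$1" -p "$2" | list_expiring 0
}

# Usage on macOS (path is an assumption; newer releases use login.keychain-db):
#   scan_keychain "DigiCert" "$HOME/Library/Keychains/login.keychain"
```

A certificate reported here from the login keychain is a candidate for the delete-and-reinstall steps described in the posts.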