Chrome Mac - NET::ERR_CERT_AUTHORITY_INVALID
About This Mac: OS X Yosemite 10.10.2 & MacBook Pro (Retina, 15-inch, Early 2013).
While trying to access GitHub · Build software better, together. (using Google Chrome Version 41.0.2272.43 beta (64-bit)), I'm getting the following error:
NET::ERR_CERT_AUTHORITY_INVALID
I'm able to access the same site using Safari and/or Firefox.
Chrome is reporting that the DigiCert High Assurance EV Root CA root certificate had expired in July 2014. This issue can be addressed by following these steps:
- Manually deleted my local copy of DigiCert High Assurance EV Root CA
  - (open Keychain Access, select keychains: login, select category: certificates, search for DigiCert, right click, delete)
- Downloaded the real cert(s) from DigiCert Root Certificates - Download & Test | DigiCert.com
  - Root Certificate Authority that the sites use:
    - DigiCert High Assurance EV Root CA
  - Intermediate Certificate Authorities that the sites use:
    - DigiCert SHA2 Extended Validation Server CA
    - DigiCert High Assurance CA-3
- Added these certs to Keychain Access simply by double clicking them. If that doesn't work you can manually import via File > Import.
Use the following link to test it:
DigiCert Root Certificates - Download & Test | DigiCert.com
I was getting this on Mac OS Sierra on a cert for my company.
I fixed it by:
- going into Keychain Access.
- Find certs for my company
  - *.COMPANYNAME.com.
  - There were two
- Right click > Get Info
- Then there are a number of drop-downs with Trust settings.
- I changed "When using this certificate": it was set to Custom, I changed it to "Always Trust".
This set all the drop-downs below it to "Always Trust".
I opened a company website SOMESITE.MYCOMPANY.com and the https error went away.
I had the same problem, just with respect to different sites. It took me some time to go through a number of resources, including:
- NET::ERR_CERT_AUTHORITY_INVALID with HSTS - Google Product Forums
- tls - Why is Symantec/Verisign CA appearing as an invalid authority? - Information Security Stack Exchange
Finally, what worked:
- check which certificates do not work (click on the lock with the red cross, left of https),
- using Keychain Access, remove this key (it is in login, then certificates),
- install this certificate (or even a certificate family) from a trusted source,
- restart Chrome; perhaps, for some sites I had to wait some time (10 min?).
In my case, the problem was with VeriSign Class 3 Primary CA - G5. Then, I downloaded and installed all crt files from https://www.symantec.com/page.jsp?id=roots.
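The fixes above start by locating an expired or stale CA certificate in the login keychain. As an added example (not from any of the posters), this shell function reads a PEM bundle on stdin and lists every certificate that is expired or expires within a given window. The function name `expiring_certs` and the keychain path shown in the comment are assumptions; it requires the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Prints "subject | notAfter" for each certificate in a PEM bundle (stdin)
# that expires within WINDOW seconds (0 = already expired).
#
# On macOS the login keychain can be dumped as PEM with the built-in tool:
#   security find-certificate -a -p ~/Library/Keychains/login.keychain-db | expiring_certs 0
# (assumed path; older releases name the file login.keychain)

expiring_certs() {
    window="${1:-0}"
    tmpdir=$(mktemp -d) || return 1

    # Split the bundle into one file per certificate.
    awk -v dir="$tmpdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%04d.pem", dir, n); writing = 1 }
        writing { print > out }
        /-----END CERTIFICATE-----/ { writing = 0; close(out) }
    '

    for f in "$tmpdir"/cert*.pem; do
        [ -e "$f" ] || continue      # no certificates in the input
        # Skip blocks that do not parse as X.509 at all.
        openssl x509 -in "$f" -noout >/dev/null 2>&1 || continue
        # -checkend N exits non-zero when the cert expires within N seconds.
        if ! openssl x509 -in "$f" -noout -checkend "$window" >/dev/null 2>&1; then
            subject=$(openssl x509 -in "$f" -noout -subject 2>/dev/null)
            end=$(openssl x509 -in "$f" -noout -enddate 2>/dev/null)
            printf '%s | %s\n' "${subject#subject=}" "${end#notAfter=}"
        fi
    done
    rm -rf "$tmpdir"
}
```

A window of 0 reports only certificates that have already expired; a larger value such as 2592000 (30 days) also flags ones about to expire.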