ssl errors

Ive been gettig errors in all apps that use SSL Ive not been able to login to apple dev for example I got a error saying the root cert was not trusted so I looked in my keychain and it was trsuted so I just click trust always in the web browser. But I could still not login so I noticed through the web inspector it was the javascript file (CDN) cert that had a error so I had to go to apple cdn to try to down load jquery so I could trust the cert within the browser and after that I could open the appstore app and I could not login to Apple developer site,


But there are heaps of sites I can not login to . In keychain all root certs as marked as trsuted but that are not being trusted I need to mark them through the web browser as trusted which I hard as each site might use 2 or 3 certs one for the site and others for CDN,



Ive had cert issue since I installed 10.11 Beta and Beta 2 .

Accepted Reply

In some cases this was because Verisign Certs specifically got limited to specific servers. Try:


  1. Open Keychain (by clicking CMD+Space and then typing “Keychain”).
  2. Then click the “system roots” (all items).
  3. For each of the “VeriSign Class x Publich Primary Certification Authority – Gxcertificate”, do the following:
  4. Double-click it, which brings up it's own window and expand the "Trust" menu.
  5. Here you need to choose to "Use System Default”, not "Always Trust".

Replies

I get a similar error getting directions using the mapkit. Don't know how to get around it:


MKDirections received error:Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo=0x6180005bf100 {_kCFStreamErrorDomainKey=3, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorCodeKey=-9824, NSUnderlyingError=0x600003842220 "An SSL error has occurred and a secure connection to the server cannot be made.", NSErrorPeerCertificateChainKey=(

), NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://gsp-ssl.ls.apple.com/directions.arpc, NSErrorFailingURLStringKey=https://gsp-ssl.ls.apple.com/directions.arpc, NSErrorClientCertificateStateKey=0}

In some cases this was because Verisign Certs specifically got limited to specific servers. Try:


  1. Open Keychain (by clicking CMD+Space and then typing “Keychain”).
  2. Then click the “system roots” (all items).
  3. For each of the “VeriSign Class x Publich Primary Certification Authority – Gxcertificate”, do the following:
  4. Double-click it, which brings up it's own window and expand the "Trust" menu.
  5. Here you need to choose to "Use System Default”, not "Always Trust".

I worked this out yesterday after I used the browser to trust the cert that apple CDN used other sites started to work, Not I used the bowser to trust them as they were already marked as trusted in keychain for me . So if keychain is showing the certs as trusted then just go to apple dev and trusted the cert that it uses and then open web inspector and try to download one of there scripts from apple cdn and you will trust the other veri sign certs.

This has been happening to me in the final version of El Cap--I can't access any apple sties in Chrome or Safari, and the App Store won't work, nor will Apple Maps and XCode can't connect to the dev portal.


I'm onl able to log in to this site using Firefox, which seems to not care about these HTTPS issues.