Hi David,
As I mentioned originally, I’m 99% sure that the problem will be expired
certificate/s in Keychain Access.
1. Open ‘Keychain Access’
2. Under Keychains (in left column) - Select ‘Login’
Under Category ( in left column) - Select ‘All Items’
3. In Top Menu Bar of Keychain Access > View - select ‘Show Expired
Certificates’
4. Type in the search field - DigiCert High and press enter/return on your
keyboard
5. Find "DigiCert High Assurance EV Root CA" that is probably marked as Expired
(a red X)
6. Click the expired certificate & Delete by pressing Delete on your keyboard
7. Check if there are any other expired certificates and delete them.
Or Choose Keychain Access > Certificate Assistant > Evaluate (certificate name)
If your certificate is not valid, it will have a red "x" and state the reason
why.
Generally the reason is "This certificate has expired" or "This certificate was
signed by an unknown authority”.
Cheers,
Ronni
> On 1 Jan 2017, at 12:27 pm, David Noel <[email protected]> wrote:
>
> I'm having a problem again with connecting to popular sites on my new iMac
> running Sierra 10.12.2. I'm writing this on my old iMac running 10.6.8, which
> does not have these problems.
>
> On attempting to connect to Google, I get:
>
> This site can't provide a secure connection
> www.google.com.au <http://www.google.com.au/> doesn't adhere to security
> ERR_SSL_SERVER_CERT_BAD_FORMAT
>
> I get similar results with other https sites like Youtube, iTunes, Chrome
> etc. Last time I had this problem (as below), I went through my Keychain
> (which showed no expired certificates) and through DigiCert High to check the
> certificates. After checking, the services worked OK again.
>
> This time I got through to SSL Server Test (https://www.ssllabs.com/ssltest/
> <https://www.ssllabs.com/ssltest/>) and checked the certificates for Google,
> Chrome, Apple, etc, which all came up "A" or "A-". But the new iMac still
> cannot connect to these sites.
>
> Other non-https sites can be accessed with Chrome, Safari, and Firefox, also
> some https sites like Unibank (Australian).
>
> I've also searched (on this old iMac) for people having similar problems. At
>
> https://community.rapid7.com/thread/9213
> <https://community.rapid7.com/thread/9213>, titled "Open Nexpose by use
> Chrome". it said:
>
> "We've seen this issue with Mac OS X Sierra in particular. It seems they have
> made an update to the system keychain that affects Chrome, Safari, curl, and
> any other applications that use the system for SSL/TLS connections. Firefox
> is not affected since it uses its own implementation.
>
> We are currently working on a fix in Nexpose to get around this issue,
> though."
>
> So it seems the problem may be in Keychain, rather than with the certificates
> themselves. And Firefox did not work for me. Can anyone throw any light on
> this, please?
>
> David Noel
> 2017 Jan 1
>
>
> On 19 December 2016 at 16:10, Ronda Brown <[email protected]
> <mailto:[email protected]>> wrote:
> Hi David,
> Good to hear the problem is solved.
>
> Merry Christmas 🎄
>
> Kindest Regards,
> Ronni
>
> Sent from Ronni's iPhone 7 Plus
>
> On 19 Dec 2016, at 4:01 pm, David Noel <[email protected]
> <mailto:[email protected]>> wrote:
>
>> -- Thanks so much, Ronni, I'm not exactly sure what happened, but I followed
>> your instructions till I got somehow to SSL Certificate Checker at
>> https://www.digicert.com/help/ <https://www.digicert.com/help/>
>> and when I typed in "google.com <http://google.com/>" it came back with a
>> clear certificate, and then Google worked OK. Same for Apple and Youtube.
>>
>> -- I'm forever in awe with how you solve these problems! Sorry I mistakenly
>> said my OS was El Capitan, I am on Sierra 10.12.1. I did click "Software
>> Update" on "About this Mac" and it reported "No updates available", so maybe
>> you have a later version from another source.
>>
>> All the very best, David.
>>
>>
>> On 19 December 2016 at 15:03, Ronni Brown <[email protected]
>> <mailto:[email protected]>> wrote:
>> Hi David,
>> You mentioned below you are running 10.12.1 El Capitan… 10.12.1 is macOS
>> Sierra 10.12.1 & now has update 10.12.2
>>
>> Make sure all your Browsers are current latest versions.
>>
>> Also check Keychain Access for any ‘Expired Certificates’! Especially look
>> for the one I mention below.
>>
>> • On your Mac computer, at the top right, click Spotlight search
>> <oXRAmyqwVjPaSBxVVxwuQVApSxU-lIoeyEHAoziwKOzM0W9eWveB4lr3fSd1l-Azvz8=w18-h18.png>.
>> • Enter "Keychain Access."
>> • In the results, click Keychain Access.
>> • At the top of your computer screen, click View
>> <nHFGZ_9xjCh-mP83zMzXQVJF5VYf2n6kwoBIxB2zv3V4VPT4gNTtBye8lYznogLqLPY=w13-h18.png>
>> Show Expired Certificates.
>> • At the top right, click Search
>> <oXRAmyqwVjPaSBxVVxwuQVApSxU-lIoeyEHAoziwKOzM0W9eWveB4lr3fSd1l-Azvz8=w18-h18.png>.
>> • Type "DigiCert High" and press Enter on your keyboard.
>> • Find "DigiCert High Assurance EV Root CA" that is marked as Expired
>> <RowYeEAcxtbn5Oxt3_kapTqfOAP60OoRF1OIKp8f21ZPe2ub42GxWvM5Omm4ZfabPlE=h18.png>.
>> Click the certificate.
>> • Delete by pressing Delete on your keyboard
>>
>> Cheers,
>> Ronni
>>
>> 13-inch MacBook Air (April 2014)
>> 1.7GHz Dual-Core Intel Core i7, Turbo Boost to 3.3GHz
>> 8GB 1600MHz LPDDR3 SDRAM
>> 512GB PCIe-based Flash Storage
>>
>> macOS Sierra 10.12.2
>>
>>
>>> On 19 Dec. 2016, at 2:25 pm, David Noel <[email protected]
>>> <mailto:[email protected]>> wrote:
>>>
>>> Hi Ronni, no, I have no security-type software. Anything else, such as
>>> a work-around?
>>>
>>> Cheers, David.
>>>
>>> On 19 December 2016 at 14:10, Ronda Brown <[email protected]
>>> <mailto:[email protected]>> wrote:
>>>> Are you using Kaspersky security software or Avast or some such software?
>>>>
>>>>
>>>> Sent from Ronni's iPad4
>>>>
>>>>
>>>> On 19 Dec. 2016, at 1:58 pm, David Noel <[email protected]
>>>> <mailto:[email protected]>> wrote:
>>>>
>>>> I have a new iMac which I use for most purposes, running 10.12.1 El
>>>> Capitan. Since I upgraded from 10.11, I've had occasional problems
>>>> where my browsers can't access Google and Apple's own sites.
>>>>
>>>> Error message from Chrome on accessing gmail:
>>>>
>>>> "this site can't provide a secure connection, mail.google.com
>>>> <http://mail.google.com/> doesn't
>>>> adhere to security standards".
>>>>
>>>> Error message from Firefox on accessing Apple:
>>>>
>>>> The owner of support.apple.com <http://support.apple.com/> has configured
>>>> their website improperly
>>>> to protect your information from being stolen, Firefox has not
>>>> connected to this website".
>>>>
>>>> Safari did not produce an error message, but seemed unable to load
>>>> certain sites.
>>>>
>>>> In the past, I've been able to clear this problem by Restarting, but
>>>> this hasn't worked today. Has anyone any ideas on this matter?
>>>>
>>>> It's inconceivable that Google and Apple have the faults indicated. As
>>>> I'm unable to access gmail, I'm sending this from my older machine
>>>> still on 10.6.8 -- this does not have the above problem.
>>>>
>>>> Thanks and Merry Christmas --
>>>>
>>>> David Noel
>
>
-- The WA Macintosh User Group Mailing List --
Archives - <http://www.wamug.org.au/mailinglist/archives.shtml>
Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml>
Settings & Unsubscribe - <http://lists.wamug.org.au/listinfo/wamug.org.au-wamug>
