Forgot to mention to 'Restart your computer' after deleting or changing any certificates in Keychain Access.
Sent from Ronni's iPad4 > On 1 Jan 2017, at 1:54 pm, Ronni Brown <ro...@mac.com> wrote: > > Hi David, > > As I mentioned originally, I’m 99% sure that the problem will be expired > certificate/s in Keychain Access. > 1. Open ‘Keychain Access’ > 2. Under Keychains (in left column) - Select ‘Login’ > Under Category ( in left column) - Select ‘All Items’ > 3. In Top Menu Bar of Keychain Access > View - select ‘Show Expired > Certificates’ > 4. Type in the search field - DigiCert High and press enter/return on your > keyboard > 5. Find "DigiCert High Assurance EV Root CA" that is probably marked as > Expired (a red X) > 6. Click the expired certificate & Delete by pressing Delete on your keyboard > > 7. Check if there are any other expired certificates and delete them. > Or Choose Keychain Access > Certificate Assistant > Evaluate (certificate > name) > If your certificate is not valid, it will have a red "x" and state the reason > why. > > Generally the reason is "This certificate has expired" or "This certificate > was signed by an unknown authority”. > > Cheers, > Ronni > >> On 1 Jan 2017, at 12:27 pm, David Noel <lis...@aoi.com.au> wrote: >> >> I'm having a problem again with connecting to popular sites on my new iMac >> running Sierra 10.12.2. I'm writing this on my old iMac running 10.6.8, >> which does not have these problems. >> >> On attempting to connect to Google, I get: >> >> This site can't provide a secure connection >> www.google.com.au doesn't adhere to security >> ERR_SSL_SERVER_CERT_BAD_FORMAT >> >> I get similar results with other https sites like Youtube, iTunes, Chrome >> etc. Last time I had this problem (as below), I went through my Keychain >> (which showed no expired certificates) and through DigiCert High to check >> the certificates. After checking, the services worked OK again. >> >> This time I got through to SSL Server Test >> (https://www.ssllabs.com/ssltest/) and checked the certificates for Google, >> Chrome, Apple, etc, which all came up "A" or "A-". But the new iMac still >> cannot connect to these sites. >> >> Other non-https sites can be accessed with Chrome, Safari, and Firefox, also >> some https sites like Unibank (Australian). >> >> I've also searched (on this old iMac) for people having similar problems. At >> >> https://community.rapid7.com/thread/9213, titled "Open Nexpose by use >> Chrome". it said: >> >> "We've seen this issue with Mac OS X Sierra in particular. It seems they >> have made an update to the system keychain that affects Chrome, Safari, >> curl, and any other applications that use the system for SSL/TLS >> connections. Firefox is not affected since it uses its own implementation. >> >> We are currently working on a fix in Nexpose to get around this issue, >> though." >> >> So it seems the problem may be in Keychain, rather than with the >> certificates themselves. And Firefox did not work for me. Can anyone throw >> any light on this, please? >> >> David Noel >> 2017 Jan 1 >> >> >>> On 19 December 2016 at 16:10, Ronda Brown <ro...@mac.com> wrote: >>> Hi David, >>> Good to hear the problem is solved. >>> >>> Merry Christmas 🎄 >>> >>> Kindest Regards, >>> Ronni >>> >>> Sent from Ronni's iPhone 7 Plus >>> >>>> On 19 Dec 2016, at 4:01 pm, David Noel <lis...@aoi.com.au> wrote: >>>> >>>> -- Thanks so much, Ronni, I'm not exactly sure what happened, but I >>>> followed your instructions till I got somehow to SSL Certificate Checker >>>> at >>>> https://www.digicert.com/help/ >>>> and when I typed in "google.com" it came back with a clear certificate, >>>> and then Google worked OK. Same for Apple and Youtube. >>>> >>>> -- I'm forever in awe with how you solve these problems! Sorry I >>>> mistakenly said my OS was El Capitan, I am on Sierra 10.12.1. I did click >>>> "Software Update" on "About this Mac" and it reported "No updates >>>> available", so maybe you have a later version from another source. >>>> >>>> All the very best, David. >>>> >>>> >>>>> On 19 December 2016 at 15:03, Ronni Brown <ro...@mac.com> wrote: >>>>> Hi David, >>>>> You mentioned below you are running 10.12.1 El Capitan… 10.12.1 is macOS >>>>> Sierra 10.12.1 & now has update 10.12.2 >>>>> >>>>> Make sure all your Browsers are current latest versions. >>>>> >>>>> Also check Keychain Access for any ‘Expired Certificates’! Especially >>>>> look for the one I mention below. >>>>> >>>>> • On your Mac computer, at the top right, click Spotlight search >>>>> <oXRAmyqwVjPaSBxVVxwuQVApSxU-lIoeyEHAoziwKOzM0W9eWveB4lr3fSd1l-Azvz8=w18-h18.png>. >>>>> • Enter "Keychain Access." >>>>> • In the results, click Keychain Access. >>>>> • At the top of your computer screen, click View >>>>> <nHFGZ_9xjCh-mP83zMzXQVJF5VYf2n6kwoBIxB2zv3V4VPT4gNTtBye8lYznogLqLPY=w13-h18.png> >>>>> Show Expired Certificates. >>>>> • At the top right, click Search >>>>> <oXRAmyqwVjPaSBxVVxwuQVApSxU-lIoeyEHAoziwKOzM0W9eWveB4lr3fSd1l-Azvz8=w18-h18.png>. >>>>> • Type "DigiCert High" and press Enter on your keyboard. >>>>> • Find "DigiCert High Assurance EV Root CA" that is marked as Expired >>>>> <RowYeEAcxtbn5Oxt3_kapTqfOAP60OoRF1OIKp8f21ZPe2ub42GxWvM5Omm4ZfabPlE=h18.png>. >>>>> Click the certificate. >>>>> • Delete by pressing Delete on your keyboard >>>>> >>>>> Cheers, >>>>> Ronni >>>>> >>>>> 13-inch MacBook Air (April 2014) >>>>> 1.7GHz Dual-Core Intel Core i7, Turbo Boost to 3.3GHz >>>>> 8GB 1600MHz LPDDR3 SDRAM >>>>> 512GB PCIe-based Flash Storage >>>>> >>>>> macOS Sierra 10.12.2 >>>>> >>>>> >>>>>> On 19 Dec. 2016, at 2:25 pm, David Noel <lis...@aoi.com.au> wrote: >>>>>> >>>>>> Hi Ronni, no, I have no security-type software. Anything else, such as >>>>>> a work-around? >>>>>> >>>>>> Cheers, David. >>>>>> >>>>>>> On 19 December 2016 at 14:10, Ronda Brown <ro...@mac.com> wrote: >>>>>>> Are you using Kaspersky security software or Avast or some such >>>>>>> software? >>>>>>> >>>>>>> >>>>>>> Sent from Ronni's iPad4 >>>>>>> >>>>>>> >>>>>>> On 19 Dec. 2016, at 1:58 pm, David Noel <lis...@aoi.com.au> wrote: >>>>>>> >>>>>>> I have a new iMac which I use for most purposes, running 10.12.1 El >>>>>>> Capitan. Since I upgraded from 10.11, I've had occasional problems >>>>>>> where my browsers can't access Google and Apple's own sites. >>>>>>> >>>>>>> Error message from Chrome on accessing gmail: >>>>>>> >>>>>>> "this site can't provide a secure connection, mail.google.com doesn't >>>>>>> adhere to security standards". >>>>>>> >>>>>>> Error message from Firefox on accessing Apple: >>>>>>> >>>>>>> The owner of support.apple.com has configured their website improperly >>>>>>> to protect your information from being stolen, Firefox has not >>>>>>> connected to this website". >>>>>>> >>>>>>> Safari did not produce an error message, but seemed unable to load >>>>>>> certain sites. >>>>>>> >>>>>>> In the past, I've been able to clear this problem by Restarting, but >>>>>>> this hasn't worked today. Has anyone any ideas on this matter? >>>>>>> >>>>>>> It's inconceivable that Google and Apple have the faults indicated. As >>>>>>> I'm unable to access gmail, I'm sending this from my older machine >>>>>>> still on 10.6.8 -- this does not have the above problem. >>>>>>> >>>>>>> Thanks and Merry Christmas -- >>>>>>> >>>>>>> David Noel
-- The WA Macintosh User Group Mailing List -- Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml> Settings & Unsubscribe - <http://lists.wamug.org.au/listinfo/wamug.org.au-wamug>
