Fix problems connecting to iTunes, App Store, or any HTTPS sites after upgrade to El Capitan (OS X 10.11)

TL; DR: Delete VeriSign certificates from your login keychain. Skip to how.¹

Last week, I upgraded to El Capitan, the latest version of Apple's OS X operating system. The upgrade went smoothly, but I soon found that Safari and Chrome² wouldn't connect to most sites using HTTPS. I'd get an invalid certificate error. But it wasn't just browsers. iTunes also threw certificate errors left and right.

That's a problem, of course. Most of us use mission-critical sites over HTTPS every day. In my work, I use Harvest, Bitbucket, JIRA, GitHub, Amazon, Twitter and Trello. My email accounts and banks also use HTTPS.

So, I set about searching the web and especially Apple's Support Forums. Deep in the bowels of this thread, I found the fix: Delete all VeriSign Certificates in your login keychain.

1. Open Keychain Access (Applications → Utilities → Keychain Access).
2. Make sure login and Certificates (not "My Certificates") are selected.
3. Ctrl + click on each certificate and export it. We're backing things up just in case.

   

4. Ctrl + click on each certificate and delete it. You can also select all certificates at once and delete in a batch.

   

Don't touch anything else within Keychain Access. Open or restart your browser / iTunes / the App Store application. Problem (erm, hopefully) solved.

Firefox uses its own Mozilla CA Cert store rather than the system store. As a result, it was unaffected by this issue.