Go back to home page of Unsolicited Advice from Tiffany B. Brown

Fix problems connecting to iTunes, App Store, or any HTTPS sites after upgrade to El Capitan (OS X 10.11)

TL; DR: Delete VeriSign certificates from your login keychain. Skip to how.1

Last week, I upgraded to El Capitan, the latest version of Apple's OS X operating system. The upgrade went smoothly, but I soon found that Safari and Chrome2 wouldn't connect to most sites using HTTPS. I'd get an invalid certificate error. But it wasn't just browsers. iTunes also threw certificate errors left and right.

That's a problem, of course. Most of us use mission-critical sites over HTTPS every day. In my work, I use Harvest, Bitbucket, JIRA, GitHub, Amazon, Twitter and Trello. My email accounts and banks also use HTTPS.

So, I set about searching the web and especially Apple's Support Forums. Deep in the bowels of this thread, I found the fix: Delete all VeriSign Certificates in your login keychain.

Figure 1: OS X's Keychain Access panel.

  1. Open Keychain Access (ApplicationsUtilitiesKeychain Access).
  2. Make sure login and Certificates (not "My Certificates") are selected.
  3. Ctrl + click on each certificate and export it. We're backing things up just in case.
    Screen shot of the OS X Keychain Panel
    Figure 2: OS X's Keychain Access panel.
  4. Ctrl + click on each certificate and delete it. You can also select all certificates at once and delete in a batch.
    Screen shot of the OS X Keychain Panel
    Figure 3: OS X's Keychain Access panel when deleting a certificate.

Don't touch anything else within Keychain Access. Open or restart your browser / iTunes / the App Store application. Problem (erm, hopefully) solved.

Firefox uses its own Mozilla CA Cert store rather than the system store. As a result, it was unaffected by this issue.