TL; DR: Delete VeriSign certificates from your login keychain. Skip to how.1
Last week, I upgraded to El Capitan, the latest version of Apple's OS X operating system. The upgrade went smoothly, but I soon found that Safari and Chrome2 wouldn't connect to most sites using HTTPS. I'd get an invalid certificate error. But it wasn't just browsers. iTunes also threw certificate errors left and right.
That's a problem, of course. Most of us use mission-critical sites over HTTPS every day. In my work, I use Harvest, Bitbucket, JIRA, GitHub, Amazon, Twitter and Trello. My email accounts and banks also use HTTPS.
- Open Keychain Access (Applications → Utilities → Keychain Access).
- Make sure login and Certificates (not "My Certificates") are selected.
- Ctrl + click on each certificate and export it. We're backing things up just in case.
- Ctrl + click on each certificate and delete it. You can also select all certificates at once and delete in a batch.
Don't touch anything else within Keychain Access. Open or restart your browser / iTunes / the App Store application. Problem (erm, hopefully) solved.
Firefox uses its own Mozilla CA Cert store rather than the system store. As a result, it was unaffected by this issue.