I can't open certain websites on my MacBook air. I say's this connection not private.
I can't open certain websites on my MacBook air. I say's this connection not private.
I can't open certain websites on my MacBook air. I say's this connection not private.
The issue is related to the DST Root X3 certificate has expired as of September 30. 2021. But there is a solution!
Two solutions:
The easiest way to do this is to transfer your System Root certificates from another Mac to which you have access that runs a more modern version of macOS.
#!/bin/bash
DIR=${TMPDIR}/trustroot.$$
mkdir -p ${DIR}
trap "rm -rf ${DIR}" EXIT
cat "$1" | (cd $DIR && split -p '-----BEGIN CERTIFICATE-----' - cert- )
for c in ${DIR}/cert-* ; do
security -v add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "$c"
done
rm -rf ${DIR}
What the script does is splits the .pem file into a number of certificates in the temporary directory concerned, then adds them as trustRoot certificates to the System key chain; they will then operate as trusted roots in addition to the certificates in the original "System Roots" keychain. In case you were wondering, you cannot add them to the System Roots keychain as that can only be updated by the operating system.
Note this copies over the first group of certificates ("Trusted Certificates" in the question), but not the second nor the third.
The issue is related to the DST Root X3 certificate has expired as of September 30. 2021. But there is a solution!
Two solutions:
The easiest way to do this is to transfer your System Root certificates from another Mac to which you have access that runs a more modern version of macOS.
#!/bin/bash
DIR=${TMPDIR}/trustroot.$$
mkdir -p ${DIR}
trap "rm -rf ${DIR}" EXIT
cat "$1" | (cd $DIR && split -p '-----BEGIN CERTIFICATE-----' - cert- )
for c in ${DIR}/cert-* ; do
security -v add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "$c"
done
rm -rf ${DIR}
What the script does is splits the .pem file into a number of certificates in the temporary directory concerned, then adds them as trustRoot certificates to the System key chain; they will then operate as trusted roots in addition to the certificates in the original "System Roots" keychain. In case you were wondering, you cannot add them to the System Roots keychain as that can only be updated by the operating system.
Note this copies over the first group of certificates ("Trusted Certificates" in the question), but not the second nor the third.
In case anyone is still affected, Firefox works fine, or to fix in Safari:
then when you visit an affected website the certificate will update in the browser to the correct/newer one "ISRG Root X1".
Unfortunately it's not helpful. First off because this website you link is also not visible. The problem resides with identrust dst root ca x3 certificate expiring. Suposedly all you need to do is update your OS but I can't seem to find a solution.
“the IdentTrust DST Root CA X3 — was set to expire on September 30. After expiry, computers, devices and web clients — such as browsers — will no longer trust certificates that have been issued by this certificate authority.”
in https://techcrunch.com/2021/09/21/lets-encrypt-root-expiry/
darkstar2002 wrote:
I am also having problems with websites and facebook games... I have an older, 2009 iMac.... what can/should I do to fix this? There is nothing to update. Thanks.
These directions should get the certificate chain updated on a Mac running 10.11 or older:
smnnms wrote:
1. In case anyone is still affected, Firefox works fine…
Firefox has its own certificate store and will work with the newer root certificate. For Safari or any installed apps that might be making secure connections to a website or to some other network service using the Apple-provided certificates, not so much.
Thank you, got me sorted quite easily.
For a bit more detail there's later thread https://apple.stackexchange.com/questions/428460/how-to-update-my-root-certificates-on-an-older-version-of-macos-e-g-el-capitan
See the Mac section of https://osxdaily.com/2021/03/17/fix-safari-connection-not-private-warning-iphone-ipad-mac/
Not sure why -- I just tested that link in both the current version of Safari and the current version of Chrome on a Mac and had no issues with either.
I am also having problems with websites and facebook games... I have an older, 2009 iMac.... what can/should I do to fix this? There is nothing to update. Thanks.
I can't open certain websites on my MacBook air. I say's this connection not private.