Back up all data.
Launch the Keychain Access application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Keychain Access in the icon grid.
In the upper left corner of the window, you should see a list headed Keychains. If not, click the button in the lower left corner that looks like a triangle inside a square.
In the Keychains list, there should be an item named System. If not, select
File ▹ Add Keychain
from the menu bar and add the following item:
/Library/Keychains/System.keychain
From the Category list in the lower left corner of the window, select Certificates. Look carefully at the list of certificates in the right side of the window. If any of them has a a blue-and-white plus sign or a red "X" in the icon, double-click it. An inspection window will open. Click the disclosure triangle labeled Trust to disclose the trust settings for the certificate. From the menu at the top, select
When using this certificate: Use System Defaults
Close the inspection window. You'll be prompted for your administrator password to update the settings. Revert all the certificates with non-default trust settings.
From the menu bar, select
Keychain Access ▹ Preferences ▹ Certificates
There are three menus in the window. Change the selection in the top two to Best attempt, and in the bottom one to CRL.
Log out, log back in, and test.
