Apparently using an old "GlobalSign Root CA" Security Certificate in Chrome, but the one in

Question

Level 1

0 points

Apparently using an old "GlobalSign Root CA" Security Certificate in Chrome, but the one in

Hi All,

I'm dealing with this very frustrating issue, and I am at my wit's end. I use the 'HTTPS Everywhere' extension on Chrome. It's wonderful, except the past two months, I've been getting issues with certain sites. It will warn me not to enter since the website's security certificate is expired or invalid.

Exhibit 1:

When I click on the lock in the URL bar, it mentions the old GlobalSign Root CA certificate that expired in January 2014.

Exhibit 2:

The thing is, when I look in the security certificates in my keychain, that certificate doesn't exist, and instead, I have the updated one that expires in January 2028.

Any idea on how to fix this? It happens with any website that uses GlobalSign Root CA. Sure, I could turn of HTTPS Everywhere, but I feel like that's a bit extreme of an option.

Thanks in advance for your help!

Posted on Jan 27, 2015 2:42 PM

Reply

Answer 1

Kim Kwan

Level 1

5 points

Jun 19, 2015 10:15 PM in response to kpburke

I'm trying to figure this out as well.

The 2014, expired GlobalSign certificate is actually still in Keychain Access. It's under System Roots, and you need to Show Expired Certificates from the View menu.

On my install of Yosemite 10.10.3, there's also a valid GlobalSign cert in System Roots. That one will expire in January 2028.

What I don't understand, though, is why some sites use the old cert rather than the new one. For me, when I go to Wikipedia, it's checked against the 2028 certificate, and therefore loads fine. But other sites/domains are checked against the old one, like SoundCloud and membership.theguardian.com.