You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Security Update 2015-004 trashes Apple.com SSL Certificate on Mavericks

Yesterday I installed the Apple Security Update 2015-004 1.0 on a variety of systems. One of those an Mac Pro 2008 with OS X 10.9.5 Mavericks could afterwards not access Apple.com anymore e.g. this site https://discussions.apple.com !!!


Safari: Error invalid Certificate

iTunes 12.1.2 no access to the iTunes Store: Error invalid Certificate

App Store.app: does not do anything and doesn't display any error


I restored the whole machine from TimeMachine backup from a day earlier - everything fine...

Tried to install the Security Update 2015-004 one more time - same problem it trashes the Apple Certs !


ps: the same security Update worked on other Mavericks systems, e.g. on an iMac 27" Late 2013, iMac 27" mid 2014, MacBook Pro Retina, 15-inch, Early 2013, but not on the MacPro 2008 ?


What to do ?

Posted on Apr 11, 2015 7:36 AM

Reply
Question marked as Top-ranking reply

Posted on Apr 11, 2015 4:52 PM

Had the same exact problem. I am not sure if the following is wise, but it seems to have fixed it. I went to http://discussions.apple.com in safari and looked at the certificates. It was not trusting the top level VeriSign Class 3 .. G5 certificate. I accepted it and everything is fine. The one in the original keychain of a similar nature seems to be a G3 certificate. Not sure if the G5 was there or not initially. But it seems to be the same certificate as I have on another computer. Exported, Dropboxed it, and imported it. Had to set trust levels. Also deleted it and everything still was fine. I don't know enough about certificates to know if any of this makes sense, but it fixed my problem and I am using a certificate that was trusted by my system on another computer.

8 replies
Question marked as Top-ranking reply

Apr 11, 2015 4:52 PM in response to Netmik

Had the same exact problem. I am not sure if the following is wise, but it seems to have fixed it. I went to http://discussions.apple.com in safari and looked at the certificates. It was not trusting the top level VeriSign Class 3 .. G5 certificate. I accepted it and everything is fine. The one in the original keychain of a similar nature seems to be a G3 certificate. Not sure if the G5 was there or not initially. But it seems to be the same certificate as I have on another computer. Exported, Dropboxed it, and imported it. Had to set trust levels. Also deleted it and everything still was fine. I don't know enough about certificates to know if any of this makes sense, but it fixed my problem and I am using a certificate that was trusted by my system on another computer.

Apr 12, 2015 4:25 AM in response to jostylr

So I just updated another machine and it also broke. I went into keychain, the Verisign G5 certificate was there (login item and Certificates highlighted in keychain on left sidebar). I clicked on the G5 certificate, clicked on trust and changed from system defaults to always trust. Everything worked fine after that. It appears that it is the same certificate as before. I suspect they just broke what the system default was for that certificate and/or intended to break it but failed to update the certificate.

Apr 15, 2015 9:09 PM in response to jostylr

Next question is -- what happens when there's a new update found by Software Update.app?


In my case (on Mavericks 10.9.5) -- the CSS isn't working, so I see information but not presented properly, and when I click the `apply update` button, I get prompted to log in -- which fails to connect, so fails to authenticate, so no update for me. (One downside to App Store distribution -- when App Store is broken, *nothing* gets an update.)

Apr 21, 2015 8:24 PM in response to Ted Thibodeau Jr

Still an issue for me...


Tonight, Message Center announced there was an update waiting -- and when I went in to Software Update…, it displayed correctly!

And when I clicked update, it prompted for AppleID and password, for which ... connection failed.

So no AppStore updates nor new apps can be installed.

I'm astonished this is still going on more than a week later!

May 4, 2015 7:59 PM in response to Netmik

Solved! At last!


I cannot say exactly which step was the key, so here are most of the steps I took. Hopefully this helps someone.



1. Took the steps in Invalid or incorrect Certificates including reboot.
2. Took the steps in Edit your Keychain including reboot.
3. Downloaded and manually reinstalled Security Update 2015-004.

4. Repaired permissions and directories with Recovery reboot.

5. Took the steps in Invalid or incorrect Certificates including reboot.

6. Took the steps in Edit your Keychain including reboot.


I've gone through some of these steps multiple times, just hoping it would work that time...


Today -- when I went into Mail.app, it whined about the certs for me.com servers -- so I made *that* always trusted. And this time, iTunes.app didn't complain about any certs! And this time, Software Update.app didn't complain about any certs! And it successfully applied the three-week delayed updates!


So I'm hoping it's all done and done. OMG, frustrating along the way!

Oct 14, 2015 2:57 PM in response to Netmik

I believe the biggest problem here is the (incorrect) notion that the certificate is invalid.


I own several servers on a rack over at the planet, I run 4000 domain websites, (there is no way I am paying high prices for a (authority) SSL certificate when I can produce my own perfectly valid, (yes valid) SSL certificate, since I am the only one using the certificate it should not be a problem.


My question here is why is this a problem for APPLE...


(is it possible that APPLE, owns some of these "authority" Signed Services?


Seriously, IF I am using my own server and I am connecting my own computer and both SSL certificates originated from my one computer.


WHY is apple so worried about what might happen?


(What I did to solve this issue?) Simple I stopped using MAIL.APP


Should I stop using Apple as well, ? Tell me I hear Linux is quite nice and does not have this problem at all and its FREE...


(also don't preach to me about freedom, when I spend hours of my time on trying to fix a programming hang issue, Its not FREE)

Security Update 2015-004 trashes Apple.com SSL Certificate on Mavericks

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.