This procedure is complicated, but you probably won't have to do all of it.
Please take each of the following steps that you haven't already tried until the issue is resolved. Back up all data before making any changes.
Step 1
Check the status of the service. If it's down, wait tor it to come back up. There may be a localized outage, even if the status indicator is green.
Step 2
Check that the date (including the year) and time shown by your system clock are correct.
Step 3
Restart your router and your broadband device, if they're separate.
Step 4
If you connect to the Internet through an HTTPS or SOCKS proxy server, follow the instructions in this support article, or deselect the proxy entirely.
Step 5
Start up in safe mode and test.
Step 6
Make sure Parental Controls aren't active for your account.
Step 7
Follow the instructions in this support article to change your DNS settings. If there's no change, revert the settings.
Step 8
If possible, test on a different network, such as a public Wi-Fi hotspot or the cellular network of your phone.
Step 9
Launch the Keychain Access application. In the Keychains list, there should be items named System and System Roots. If not, select
File ▹ Add Keychain
from the menu bar and add the following items:
/Library/Keychains/System.keychain
/System/Library/Keychains/SystemRootCertificates.keychain
Open the View menu in the menu bar. If one of the items in the menu is
Show Expired Certificates
select it. Otherwise it will show
Hide Expired Certificates
which is what you want.
From the Category list in the lower left corner of the window, select Certificates. Look carefully at the list of certificates in the right side of the window. If any of them has a a blue-and-white plus sign or a red "X" in the icon, double-click it. An inspection window will open. Click the disclosure triangle labeled Trust to disclose the trust settings for the certificate.
From the menu at the top, select
When using this certificate: Use System Defaults
Close the inspection window. You'll be prompted for your administrator password to update the settings. Revert all the certificates with non-default trust settings. Never again change any of those settings.
From the menu bar, select
Keychain Access ▹ Preferences... ▹ Certificates
There are three menus in the window. Change the selection in the top two to Best attempt, and in the bottom one to CRL.
Next, select the login keychain. Delete any expired or otherwise invalid certificates.
Log out, log back in, and test.
Step 10
Launch the Activity Monitor application. Select All Processes from the menu in the toolbar of the Activity Monitor window, if not already selected. Enter "ocspd" (without the quotes) in the "Filter" text field. Is a process with that name listed?
If not, back up all data, then triple-click anywhere in the line of text below on this page to select it:
/var/db/crls
Copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You may not see what you pasted because a line break is included. Press return.
Move all the files in the folder that opens to the Trash. You’ll be prompted for your administrator password. Restart the computer, empty the Trash, and test.
Step 11
If you've moved to a different country, select
Store ▹ View My Account
from the App Store menu bar, then click
Change Country or Region
and update your billing information.