When I go to any github.com page in Chrome, I get a big ugly error:

You attempted to reach github.com, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications.

You cannot proceed because the website operator has requested heightened security for this domain.

The same thing happens (in Chrome and with curl) when I go to https://www.digicert.com/ too. This strange problem started about a week and a half ago.

Here's what I see when I click the broken lock icon in the address bar:

GitHub.com is broken GitHub.com Certificate Information

But gist.github.com works just fine:

Gist.GitHub.com works Gist.GitHub.com Certificate Information

It doesn't work with curl either:

It doesn't work with curl

Everything works fine in Firefox.

How can I fix my root CA problem?

Here's what it looks like in Firefox:

enter image description here enter image description here


I noticed that the first certificate in the chain is different in my broken Chrome/Safari as compared to Chrome on my other computer.

enter image description here enter image description here

(There's no nasty red X anymore because I trusted it in Safari.) See how the issuers are different? What can I make of that?

  • There is a difference between *.github.com and github.com what browser are you using?
    – Ramhound
    Commented Jun 10, 2013 at 14:53
  • Chrome. It's broken in Chrome, but it works in Firefox. It doesn't work with curl. Commented Jun 10, 2013 at 14:58
  • Can you post the Firefox information that shows the certificate has no errors?
    – Ramhound
    Commented Jun 10, 2013 at 15:02
  • Added Firefox pictures at the bottom. Commented Jun 10, 2013 at 15:04
  • Same problem with digicert.com itself. Commented Jun 10, 2013 at 15:05

12 Answers 12


this worked for me:

Keychain.app > Preferences > General > Reset My Default Keychain


A less drastic option is to delete the DigiCert certificate from the login Keychain: you should already have one in the root keychain, anyway. This error appears to occur when the two do not match.

  • 3
    Seems drastic...
    – JLundell
    Commented Feb 26, 2014 at 1:47
  • 3
    I believe deleting the certificate in the login Keychain might work as well. If I've understood correctly, DigiCert is in the root keychain anyway. Worth trying before resetting. (Of course backup etc etc)
    – evacchi
    Commented Feb 26, 2014 at 8:36
  • Yes, that worked for me. Puzzle why it's in the login keychain. On examination, the two versions are not identical; curious where the login version came from.
    – JLundell
    Commented Feb 27, 2014 at 14:03
  • good to know, I'll update the answer.
    – evacchi
    Commented Mar 5, 2014 at 11:30
  • 3
    As an aside: similar problems might be caused by having an expired root certificate in one's Login Keychain, which overrides the updated certificates from the System Roots. To show those, enable "Show Expired Certificates" in the "View" menu.
    – Arjan
    Commented Jul 25, 2014 at 17:10

There is a new problem as of July 26h, 2014 when an old, apparently quasi-wide spread certificate expired.

Based on https://www.yesthatallen.com/fixing-an-old-digicert-issue/

Instructions for clearing expired DigiCert SSL certificate on OSX

  1. Launching Keychain Access via Spotlight
    • ⌘-Space
    • Type "Keychain Access"
    • Hit return
  2. Ensure expired certificates are shown; enable "Show Expired Certificates" in the "View" menu.
  3. Search for "Digicert".
  4. Right-click the certificate with a red X and select "Delete DigiCert High Assurance EV Root CA"
  5. The certificate may not look removed until Keychain Access is restarted
  6. Restart your browsers
You should once again be able to access the affected sites.


  • 2
    Removing the certificate didn't help, I've rebooted my computer. Issue persists. Any idea?
    – Aviel
    Commented Jul 27, 2014 at 11:13
  • 9
    Ok, I probably delete too many digi certificates, I went here digicert.com/digicert-root-certificates.htm and downloaded "DigiCert High Assurance EV Root CA" certificate.
    – Aviel
    Commented Jul 27, 2014 at 11:45
  • 1
    @Aviel Thanks, downloading and re-installing that cert did it for me.
    – Tim Scott
    Commented Jul 27, 2014 at 23:22
  • 1
    This worked like a charm for me, and also resolved the similar issue with safari (as you'd expect). I did need to restart Chrome though. Commented Jul 28, 2014 at 17:55
  • 1
    Great! This worked for me. Thanks @Allen Hancock :) Commented Jul 30, 2014 at 11:28

None of these answers worked for me. Instead, I found the DigiCert root certificates, downloaded them, and installed them manually by clicking on them in Finder.

Find them here under Checking the Intermediate Certificate Store: https://www.digicert.com/ssl-support/windows-cross-signed-chain.htm


I just tried John's solution, and it didn't help. Although in my case, I didn't find any of the "blue +" icons in Class.
So, all I did was delete the two cache files suggested and reboot.
In my case, I am trying to update an application in Macports, that uses git to connect to github to download the source, and that is giving the error. And, I see the error in Safari, but not in Firefox.

After the above I got in touch with DigiCert, and they were very helpful about getting it solved. In Keychain Access->System Roots Category: Certificates

DigiCert High Assurance EV Root CA->Trust->SSL change from: no value specified to: Always Trust GTE CyberTrust Global Root->Trust->SSL change from: no value specified to: Always Trust


For me, the problem was solved by starting the Keychain Access utility, selecting Keychain First Aid from the Keychain Access menu, and selecting Repair.

  • Clicking repair seems to have cleared all of my certificates so it might be a byproduct.
    – Gray
    Commented May 5, 2016 at 1:57

Had a issue with various SSL Certificates a while back, found that this works for 90% of those issues.

Delete the files /var/db/crls/crlcache.db and /var/db/crls/ocspcache.db. These can be found using Finder’s Go >; Go To Folder menu (Cmd + Shift + G). This resets the cache of accepted certificates in the system. It doesn’t remove them, it just forces the system to rebuild the caches upon restart.

Open Keychain Access (/Applications/Utilities/Keychain Access). Select Certificates in the Category picker on the left side. In the search bar, type in the word Class. Look through that list, and find any certificates that have a blue + symbol over their icon. These are the ones you need to modify.

Select one that has a blue +, and hit Command + I. Click the disclosure triangle beside the “Trust” list to show the list of permissions. Now, what we need to do is to set this certificate to use the system defaults. However, for some reason, when you select it, it doesn’t save. So what you need to do is this. Under “Trust”, where it says “Secure Sockets Layer (SSL)”, change the dropdown menu to say “No Value Specified”. Then, close the window. It will ask for your administrator permissions. Then, open the info pane for that certificate again. Under “Trust” again, now set the dropdown that says “When using this certificate:” to say “Use System Defaults”. You can then close out of the info pane, and enter your password again. Do this for any of the certificates that have a blue + on their icon. There should only be one or two at most.

Restart your system.

Let me know if that works, I would be curious if that works.

As ALWAYS have a back up using Time Machine, cause if it gets worse at least you can go back!


For those that removed the expired cert but still have the problem. Launch keychain access, go to the menu item for it, select "keychain first aid", run a check, run a repair, then run a check again to be sure. Problem should go away.


This helped me:

(chrome, OsX)

  1. Open Keychain.app
  2. Search "digicert" in the top-right corner of Keychain.app
  3. Select all digicert certificates and remove them with right click and context menu (http://screencast.com/t/2T4f1XQa0Xu)
  4. Go here http://digicert.com/digicert-root-certificates.htm
  5. Find on page and Download DigiCert High Assurance EV Root CA certificate
  6. When downloaded - click on it and install it into your keychain
  7. Restart your chrome

I followed Allen's tip but it did not work for me. So I try this. Looks like it works.

  1. Follow all Allen's steps.
  2. Open affected site on Safari (eg: github.com).
  3. It will promt you this alert box. Click 'Show Certificate'. enter image description here
  4. At 'When using this certificate:' dropdown, select 'Always trust'. All 2 dropdowns below will follow the same rule you have selected here. enter image description here
  5. Open up Chrome, try to access the affected site (eg: github.com).

I've tried this. Facebook loads normally. But, github loaded with no CSS. I get skeleton github. I do not know why this happen. But the connection is already established and okay.

Any idea guys?


After spending many hours trying to fix this I downloaded - Link;

  • DigiCert Global Root CA
  • DigiCert High Assurance EV Root CA
  • DigiCert Assurance ID Root CA

No idea if this good practice but its working for me. I'm running OSX 10.9.5 & Chrome 42.0.2311.152 (64-bit)


Work for me in MAC 10.10.3 1) Open keychain access 2) Search DigiCert High Assurance EV Root CA 3) Double click on DigiCert High Assurance EV Root CA 4) On windows DigiCert High Assurance EV Root CA select TRUST 5) change with pulldown menu on when using this certificate with ALWAYS TRUST DONE


Found the below online. I was sure it was some gag like how you used to trick someone into pressing ALT+F4 on Windows, but it worked for me and a co-worker:

  1. Click anywhere in the affected Chrome frame
  2. On the keyboard, type: danger

That's it, the page loads. The CSS doesn't load, so you just "View Source", click on the css file, and you'll see the error message again. Repeat the steps above and the CSS will display. Then refresh the Github page and all is good.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .