The latest Mac OSX El Capitan looks great! However, one of the Annoy things is since it updates all certificate root, it always gets problem in accessing internet, even for Apple’s own service, like apple.com, iTunes, etc.
The root cause of this is the new certificate root that El Capitan ships do not match all the current certificate roots. If you check the SSL error in Chrome, you can probably see this:
To fix it, you need to import the “old” certificate root which is missing here.
As shown above, the certificate root “VeriSign Class 3 Public Primary Certification Authority – G5” (expired in 2021) is missing. If you double check the current certificate root in El Capitan, you will see the current one expires in 2036.
Here is the way to fix it:
- Download the current one (expired in 2021) from Symantec CA website (https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=INFO2550).
Open this link in Safari. And you will need to temporarily add the SSL of this link as
- Download the attachment
Symc_Cross_Root.txtand rename it to
- Open Keychain Access and choose System and category Certificate.
- From the menu bar, choose File > Import Items.
Symc_Cross_Root.cer. And you should see the “new” certificate root “VeriSign Class 3 Public Primary Certificate Authority – G5” added.
- Double click this certificate. From the certificate information window, click the arrow by “Trust”.
Always Trustfor the dropdown “When using this certificate”.
- The certificate should have a blue
OK, now you are free to go.