Fixing Invalid Certificate Error on macOS: Causes and Solution

The article explains what causes an invalid certificate error on macOS and provides step-by-step instructions to fix it, including setting trust in Keychain Access and checking system date.

Updated on February 17, 2026
5-15 minutes
Medium
FixPedia Team
Applies to: macOS 11 Big Sur and above, Safari 14.0+, Chrome for macOS 90.0+, Firefox for macOS 88.0+

What Does a Certificate Error Mean on macOS

A certificate error (often with code -1202, NSURLErrorServerCertificateUntrusted) occurs when macOS or a browser cannot verify the authenticity of a website's SSL/TLS certificate. This is a protective measure to prevent connection to potentially unsafe sites. The error is typically displayed as a warning in Safari, Chrome, or other browsers, blocking access to the site and indicating issues with the connection's encryption.

Common Causes

  1. Expired Certificate: The site's certificate has expired and was not renewed by the administrator.
  2. Self-Signed Certificate: The certificate is not signed by a trusted Certificate Authority (CA), so the system does not trust it.
  3. Domain Mismatch: The domain name in the certificate does not match the website address you are trying to visit (e.g., the certificate is for example.com, but you visited www.example.com).
  4. Incorrect Date & Time on Mac: If the system date or time is wrong, the validity check can fail even for a certificate that is still valid.
  5. Missing Root Certificate: The system lacks the root certificate required to verify the trust chain, especially for new or rarely used Certificate Authorities.
  6. Network or Firewall Issues: Corporate firewalls or antivirus software may intercept certificates to inspect traffic, leading to trust errors.

Solutions

Solution 1: Set Trust in Keychain Access

This method manually adds the certificate to the macOS keychain and sets it to be trusted. It is suitable for self-signed certificates or those from private CAs.

  1. Open Keychain Access:
    • Press Cmd+Space, type "Keychain Access", and press Enter.
    • Or navigate to Applications → Utilities → Keychain Access.app.
  2. Find the Untrusted Certificate:
    • In the left panel, select the "System" or "Login" keychain.
    • In the certificate list, find the one with a red X or the warning "This certificate is not trusted". It is usually associated with the site's domain, e.g., server.example.com.
  3. Change Trust Settings:
    • Double-click the certificate to open its properties.
    • Click the arrow next to "Trust" to expand the settings.
    • For "When using this certificate", select "Always Trust".
    • Close the window – the system will prompt for an administrator password to make changes. Enter the password.
  4. Restart Your Browser:
    • Close and reopen your browser (Safari, Chrome, etc.).
    • Try visiting the site – the error should be gone.

⚠️ Important: Only trust certificates for sites you are confident about (e.g., internal corporate resources or test environments). Do not trust certificates from suspicious sites, as this could expose you to data theft.

Solution 2: Check and Correct Date & Time

Incorrect date or time is a common cause of certificate errors, as validity checks depend on the system clock.

  1. Open System Settings via the Apple menu or Spotlight.
  2. Go to General → Date & Time.
  3. Ensure "Set date and time automatically" is enabled and the correct time zone is selected (e.g., "Moscow, St. Petersburg").
  4. If the date/time is incorrect, correct it manually or restart your Mac to sync with time servers.
  5. After correcting, restart your browser and try the site again.

Solution 3: Remove and Reinstall the Certificate (for Self-Signed)

If you are developing a site or using a self-signed certificate, it must be properly installed in Keychain Access.

  1. Remove the Old Certificate:
    • In Keychain Access, find the certificate in the "System" or "Login" keychain.
    • Right-click and select "Delete".
    • Confirm deletion, entering the administrator password when prompted.
  2. Obtain a New Certificate:
    • If it's from a developer, request a new file (usually .crt, .pem, or .p12).
    • For a self-signed certificate, regenerate it, for example, using OpenSSL:
      # This will generate a self-signed certificate valid for 365 days
      openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
      
  3. Install the Certificate:
    • Double-click the certificate file.
    • In the dialog, choose where to add it: "System" for all users or "Login" for the current user only. For most cases, choose "System".
    • Enter the administrator password.
    • After installation, find the certificate in Keychain Access and set trust as in Solution 1.
  4. Restart your browser and check the site.
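
Before setting "Always Trust" on a certificate file, you can check which of the common causes listed earlier apply to it. The script below is an added example, not part of the original article: the function names and finding labels are illustrative, the sample certificate is constructed, and it assumes an OpenSSL build whose x509 command supports -checkhost (OpenSSL 1.0.2 or later).

```shell
#!/bin/sh
# Added example: triage a certificate file before trusting it in Keychain Access.
# Function names and finding labels are illustrative, not from the article.

# cert_triage CERT_PEM HOSTNAME [CLOCK_OFFSET_SECONDS]
# Prints space-separated findings, or "ok":
#   expired         - past notAfter for a clock running OFFSET seconds ahead
#   self-signed     - issuer and subject are the same name
#   domain-mismatch - HOSTNAME is not covered by the certificate
#   no-san          - no subjectAltName; Safari and Chrome match hostnames
#                     against subjectAltName only, not the Common Name
cert_triage() {
    cert=$1 host=$2 offset=${3:-0} findings=""
    # -checkend N exits non-zero if the certificate is expired N seconds from now,
    # which is what a Mac whose clock is N seconds fast would see.
    if ! openssl x509 -in "$cert" -noout -checkend "$offset" >/dev/null 2>&1; then
        findings="$findings expired"
    fi
    if [ "$(openssl x509 -in "$cert" -noout -subject_hash)" = \
         "$(openssl x509 -in "$cert" -noout -issuer_hash)" ]; then
        findings="$findings self-signed"
    fi
    # -checkhost prints its verdict as text, so match on the wording.
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
            grep -q "does match"; then
        findings="$findings domain-mismatch"
    fi
    if ! openssl x509 -in "$cert" -noout -text | grep -q "Subject Alternative Name"; then
        findings="$findings no-san"
    fi
    [ -n "$findings" ] || findings=" ok"
    echo "${findings# }"
}

# make_sample_cert DIR: constructed sample input, the article's command made
# non-interactive (-nodes, -subj) with a smaller key so it generates quickly.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=server.example.com" \
        -keyout "$1/key.pem" -out "$1/cert.pem" -days 365 2>/dev/null
}
```

A no-san finding means browsers can still report a name mismatch after the certificate is trusted, so regenerate the certificate with a subjectAltName entry for the host.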

Solution 4: Temporarily Bypass the Warning in the Browser

If you need urgent access to a test site and cannot trust the certificate, you can temporarily bypass the check. Use this only for non-sensitive purposes such as local development.

  • In Google Chrome:
    • When the error appears, click "Advanced", then "Proceed to site (unsafe)".
    • To permanently allow insecure localhost sites, type chrome://flags in the address bar, find "Allow insecure localhost", and enable it.
  • In Safari:
    • On the error page, click "Show Details", then "Visit this website". Safari will remember the trust for that session, but the warning may reappear on the next visit.
  • In Firefox:
    • Click "Advanced", then "Accept the Risk and Continue".

⚠️ Warning: Temporary bypasses disable certificate validation for a specific site or session, making you vulnerable to man-in-the-middle attacks. Never use them for entering passwords, payment details, or accessing personal information.

Solution 5: Update macOS Root Certificates

macOS updates its list of trusted root certificates via system updates. An outdated list can cause errors for certificates from newer CAs.

  1. Open System Settings → Software Update.
  2. Check for updates and install all, especially those marked "Security" or "macOS".
  3. After installing updates, restart your Mac.
  4. Try visiting the site again.

If the problem persists, the site's certificate may be signed by a new CA not yet added to macOS. In this case, the site administrator should provide the full certificate chain (including intermediate CAs) or use a certificate from a widely recognized authority.

Prevention

To avoid certificate errors in the future:

  • Keep Date & Time Current: Enable automatic synchronization in System Settings → Date & Time. Incorrect clocks are a primary cause of errors.
  • Install macOS and Browser Updates: Regularly update your system and browsers to receive the latest root certificates and security patches.
  • Be Cautious with Self-Signed Certificates: If you are a developer, install certificates correctly in Keychain Access and set trust only for necessary domains.
  • Do Not Ignore Certificate Errors on Known Sites: If you see an error on a bank or major service site, do not bypass it – the site may be compromised or you might have malware. Contact the site's support.
  • Verify the Certificate Chain (for Administrators): Ensure your web server (Nginx, Apache, etc.) is configured to send the full certificate chain, including intermediate CAs. Use tools like openssl s_client -connect example.com:443 -showcerts for diagnostics.
  • Use Trusted Certificate Authorities: For public sites, obtain certificates from widely recognized CAs (Let's Encrypt, DigiCert, GlobalSign) to avoid trust issues.
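
The chain requirement in the "Verify the Certificate Chain" item above and at the end of Solution 5 can be reproduced offline. This is an added example, not part of the original article: it builds a constructed root, intermediate and leaf with hypothetical names, and uses openssl verify as a stand-in for a client that trusts only the root.

```shell
#!/bin/sh
# Added example: why a server must send its intermediate certificate.
# All names, keys and files below are constructed test data.

# build_chain DIR: throwaway PKI, root CA -> intermediate CA -> leaf
build_chain() {
    d=$1
    cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
subjectAltName = DNS:server.example.com
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -config "$d/pki.cnf" -extensions ca \
        -subj "/CN=Sample Root CA" -keyout "$d/root.key" -out "$d/root.pem" \
        -days 30 2>/dev/null
    for name in inter leaf; do
        openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
            -subj "/CN=sample-$name" -keyout "$d/$name.key" -out "$d/$name.csr" \
            2>/dev/null
    done
    # The root signs the intermediate; the intermediate signs the leaf.
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/pki.cnf" -extensions ca -days 30 \
        -out "$d/inter.pem" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
        -CAcreateserial -extfile "$d/pki.cnf" -extensions leaf -days 30 \
        -out "$d/leaf.pem" 2>/dev/null
}

# chain_ok ROOT LEAF [INTERMEDIATES]: succeeds if LEAF chains to the trusted ROOT
# using only what the server sends (LEAF plus the optional INTERMEDIATES file).
chain_ok() {
    if [ -n "${3:-}" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}
```

Calling chain_ok with only the root and leaf fails, which is the leaf-only server configuration; passing the intermediate file as the third argument makes the same leaf verify.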
