SSL Certificate Error on macOS: How to Fix in 5 Steps

What an SSL Certificate Error Means on macOS

An SSL (Secure Sockets Layer) certificate error on macOS occurs when a browser or application cannot establish a secure connection with a website due to issues with the SSL certificate. Common error messages include:

• "SSL Certificate Error"
• "NET::ERR_CERT_DATE_INVALID" (in Chrome)
• "Invalid security certificate" (in Safari)

This error appears when trying to access HTTPS websites and blocks the page from loading, warning of potential security risks. It is not browser-specific—it can occur in Safari, Chrome, Firefox, or other applications that use macOS system certificates.

Causes

1. Incorrect date and time on your Mac. If the system date and time are wrong, SSL certificates may appear expired or not yet valid. This is the most common cause.
2. Expired or self-signed website certificate. The website owner hasn't renewed the certificate, or a self-signed certificate is used that isn't trusted by Apple.
3. Missing root certificate in the system. macOS lacks the necessary root certificate to verify the website's certificate. This often happens after a system update or when using less common certificate authorities (e.g., Let's Encrypt before 2021).
4. Network or firewall issues. Network devices, corporate proxies, or firewalls may intercept SSL connections and replace certificates with their own.
5. Outdated certificates in Keychain Access. The macOS keychain may contain outdated or corrupted certificates, especially after an OS update.
6. Blocking by antivirus or parental control software. Some security programs scan SSL traffic and present their own certificates, causing conflicts.

Method 1: Check and Fix Date and Time

The most frequent cause of SSL errors is incorrect date and time. Fix this:

1. Open System Settings → General → Date & Time.
2. Ensure the date and time are set correctly. Enable Set automatically to let the system sync with Apple's time servers.
3. If the option is unavailable, click the lock icon at the bottom left, enter an administrator password, and enable it.
4. Restart your browser and try accessing the site again.

⚠️ Important: If you're traveling or changed time zones, verify that the time zone is also set correctly.

Method 2: Update Root Certificates via Keychain Access

Keychain Access manages macOS certificates. Update them:

1. Find and launch Keychain Access (in the Utilities folder or via Spotlight by pressing Cmd+Space and typing "Keychain Access").
2. From the menu, select Keychain Access → Update Root Certificates.
3. Wait for the updates to download and install. This may take several minutes, especially on first launch.
4. Restart your browser and check the site.

💡 Tip: If "Update Root Certificates" is inactive, ensure the System keychain is selected in the left panel. Also verify you have an internet connection.

Method 3: Clear Browser Cache

Sometimes the browser cache stores outdated SSL data. Clear it:

• For Safari:
  1. Open Safari.
  2. From the menu, select Safari → Clear History....
  3. Select all time and click Clear History.
  4. Also go to Safari Settings → Privacy → Manage Website Data... and remove data for the problematic site.
• For Google Chrome:
  1. Open Chrome.
  2. Go to Settings → Privacy and security → Clear browsing data.
  3. Select All time, check Cached images and files and Cookies and other site data, then click Clear data.
• For Firefox:
  1. Open Firefox.
  2. From the menu, select Firefox → Settings → Privacy & Protection.
  3. Under "Cookies and Site Data," click Clear Data... and select "Cached Web Content."

After clearing, restart your browser.

Method 4: Manually Reinstall Root Certificates

If previous steps didn't help, add missing certificates manually:

1. Identify which certificate is missing. Open the site in your browser, click the lock in the address bar, and select Certificate (or similar). In the "Trust" tab, check the issuer (Issuer). For example, "Let's Encrypt," "DigiCert," "GlobalSign."
2. Download the root certificate from the certificate authority. Official sources:
   • Let's Encrypt
   • DigiCert
   • Apple Trust Store (list of Apple-trusted root certificates).
3. Launch Keychain Access.
4. Drag and drop the downloaded .cer or .crt file into the Keychain Access window. Or use File → Import Items.
5. Select the "System" keychain from the list on the left and click Add.
6. Enter an administrator password to confirm.
7. After adding, double-click the certificate in the list, expand the Trust section, and set When using this certificate to Always Trust.
8. Close Keychain Access and restart your Mac.

Alternative via Terminal (for advanced users):

Open Terminal (in Utilities) and run the command, replacing the path as needed:

# Add certificate to system keychain
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /путь/к/сертификату.cer

# Example for Let's Encrypt (first download the isrgrootx1.cer file)
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/Downloads/isrgrootx1.cer

After running, enter your administrator password. Restart your browser.

Method 5: Temporarily Disable SSL Verification (for Diagnostics)

Caution: This is insecure and only recommended for temporary diagnostics or local tests. Never use on production sites!

• In Safari: When an error appears, click Visit this Website (if available). To disable completely, enable the developer menu: Safari → Settings → Extensions → check "Show Develop menu in menu bar" at the bottom. Then in the Develop menu, disable Secure Connections. After diagnostics, revert the setting.
• In Chrome: Enter chrome://flags in the address bar, search for "Allow insecure localhost" or "Secure DNS" and disable temporarily. For specific sites, you can add an exception by clicking "Advanced" → "Proceed to site (unsafe)."
• In Terminal (for curl or other utilities): use the -k or --insecure flag, e.g., curl -k https://example.com.

After diagnostics, revert settings and apply a permanent solution from the methods above.

Prevention

To avoid recurring SSL errors on macOS:

• Keep your system updated: Regularly install macOS and browser updates via the App Store and System Settings → Software Update. Updates often include new root certificates.
• Check date and time: Ensure automatic date and time setting is enabled. If you replaced a CMOS battery (on older Macs), the date may reset.
• Don't ignore SSL warnings: If a site shows an error, don't bypass it without understanding the cause. This could indicate real threats like man-in-the-middle attacks.
• Regularly update root certificates: Although Keychain Access updates automatically, you can periodically run "Update Root Certificates" manually (see Method 2).
• Use reliable sources: Download certificates only from official certificate authority websites. Avoid unknown sources.
• Monitor corporate settings: If you use a Mac on a corporate network, your administrator may have installed special certificates. Contact your IT department for updates.

If the problem persists after all steps, it may relate to network settings, antivirus, or firewall. Temporarily disable them for diagnostics. For complex cases, contact Apple Support or your network administrator.