macOS / Mac OS X Invalid SSL

Occasionaly older MacOS / Mac OS X systems may not have the required SSL certificate chains needed to access SuperControl and will result in an SSL error indicating that your connection to this site is not secure.

The easiest solution is to upgrade your OS X installation - this usually resolves the issue and ensures your Mac has all the latest security updates. If this is not possible then the following instructions should enable you to use SuperControl in a secure way without having to forceably accept the certificate.

Applies to:

  • OS X El Capitan 10.11
  • macOS Sierra 10.12
  • macOS High Sierra 10.13
  • macOS Mojave 10.14
  • macOS Catalina 10.15

Components affected:

  • Safari
  • Google Chrome
  • Mozilla FireFox
  • Apple Keychain Access

Prerequisites:

  • Basic Mac knowledge, downloading and opening files
  • Basic Keychain Access knowledge

To resolve this issue please follow the steps below.

Care should be taken when following these steps.  Should you have any questions please raise a support ticket.

Error example

In Safari the following error will be shown:

Or on later versions of Safari:

Selecting Show Certificate / Show Details will indicate that the SSL Certificate is invalid:

Software update

Ensure all software updates are installed for your version of macOS / OS X via Software Update.

Download and install certificate chain

Visit https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA01N000000rfBO

If you receive a SSL error click Show Details and visit this website and confirm that you wish to visit this website.  You may be prompted to enter your password to allow this.

Scroll down to Extended Validation and select [Download] Sectigo RSA EV Bundle [ Intermediate + Cross Signed ].

When redirected, click on the Download link at the top of this page:

Once downloaded - click on the newly downloaded file to open it:

This should open up Keychain Access where you can add the new certificate bundle - accept the defaults and click add.

Reloading SuperControl in your browser should now accept the SSL certificate an no errors will be shown.

All browsers will now recognise the SSL certificate used by SuperControl - no further action is required for Google Chrome or Mozilla FireFox.

Optional steps

For additional compatiability you can also download the following certificate bundles following the steps above to add these to your system:

  • [Download] Sectigo RSA DV Bundle [ Intermediate + Cross Signed ]
  • [Download] Sectigo RSA OV Bundle [ Intermediate + Cross Signed ]
  • [Download] SHA-2 Root : USERTrust RSA Certification Authority

Optional - delete untrusted USERTrust RSA Certification Authority from Keychain Access

In the Keychain Access app search all items for USERTrust:

Right click and select delete.

0 Comments

How can we make this page better for you?

E-Mail me when someone replies to this comment