How to fix the invalid certificate error on your Mac
You might have noticed that when you visit some websites on your Mac, you get a warning that says, “the certificate for this server is invalid” and asks you what to do next.
The certificate in question is one used by your Mac to validate that a connection you are trying to make to a server is secure. If the certificate for that connection has expired or is invalid, macOS will warn you and ask you whether you want to continue, inspect the certificate, or cancel.
If it happens once or twice, it’s not too much of a problem, but if it happens on almost every website you want to visit, it’s a serious inconvenience. In this article, we’ll show you what to do when you see the warning.
Why does your Mac display an invalid certificate warning?
Certificates form part of the HTTPS protocol and are issued by an authorized certificate authority. macOS checks the certificate before it connects to a secure website. If the certificate is deemed not to be valid or to have expired, your Mac will display the warning. You can then choose to ignore the warning, inspect the certificate, or abandon the attempted connection.
One common cause of the warning is that your Mac’s date and time are incorrect – authenticating a certificate requires that your Mac’s clock is in sync with the clock on the server.
It can also happen if a website makes changes to the server it uses but your browser has cached the old server details.
How do I get my Mac to trust a certificate?
If you see the message often, here’re some ways to get your Mac to trust a certificate and fix the problem.
Clear the browser cache
The simplest and probably the most obvious reason why the invalid certificate error appears on a website is because the site has made changes to its domains. As your browser downloads pages from cache, it may cache obsolete pages. So, the first things you should do when you see that message is to clear the browser cache.
To clear cache in Safari, go to its Preferences page and then Advanced tap to enable the Develop menu. Then, click the Develop menu and choose Empty Caches.
There’s a quicker way to remove cache and other browsing data from all your browsers at once. CleanMyMac X can help you do that. This tool has lots of useful features for your Mac, and it’s notarized by Apple.
1. Download CleanMyMac X for free and install it.
2. Launch the app, go to the Privacy feature and press Scan.
3. Check and remove the browsing data.
This will remove outdated cache and help erase all traces of your online activity.
Verify the date and time on your Mac are correct
Time on your Mac should be in sync with the server your device is connected to. So, when you have the invalid certificate error, you need to check your date and time settings.
- Click on the Apple menu and choose System Preferences.
- Select Date & Time.
- Click the padlock and authenticate.
- Make sure the box next to “Set date and time automatically” is checked and that the server selected is the correct one for your location.
- Quit System Preferences.
Within a few minutes the issue should disappear.
Modify the trust settings
If fixing the date and time doesn’t solve the problem, the next step is to change the trust settings for certificates that are causing the problem. Most certificates will use default settings that will either mean that they are trusted or not trusted. Some certificates use custom settings because they are only required in specific circumstances and connections, and if these custom settings are set incorrectly, it can cause macOS to display an invalid certificate error.
You can set these certificates to be trusted in all circumstances or adjust the custom settings, but you should only do so if you know what connections the certificate is needed for.
How do I find certificates on my Mac?
- Go to Applications > Utilities and launch Keychain Access.
- Select the login keychain.
- Choose Certificates at the bottom of the sidebar.
You can ignore certificates that display a green tick when you click on them — they use default settings and are valid. If there are any certificates that display a red “X” when you click on them, right-click on the certificate and choose Delete. The certificate will be re-downloaded when it is next needed.
To edit settings for certificates with custom settings, look for certificates that have a white cross in a blue circle in their icon.
- Double-click the certificate to open its settings.
- Click the arrow next to Trust.
- Use the dropdown menus to make adjustments.
- Close the window.
- Quit Keychain Access when you’re done.
Delete the problematic certificates
If you’re not able to adjust the settings of a certificate that’s causing a problem, you can delete it. The certificate will be downloaded again the next time it is needed.
When you next see the error, take note of the name of the certificate. Then launch Keychain Access as we described and follow steps above.
You should only do this for certificates in your login keychain. Never delete certificates in System Root as this could cause serious problems for your macOS.
How to fix performance issues on your Mac with CleanMyMac X
There are a huge number of things that can go wrong while you use your Mac, from, thankfully rare, major disk failures to accumulations of smaller problems that build up over months and eventually cause your Mac to behave erratically or run more slowly. By performing regular maintenance and looking after your Mac, you can make sure it keeps running well for a long time. CleanMyMac X can help you do just that. And it’s really quick and easy to do.
- Download and install CleanMyMac X.
- Choose the Maintenance module.
- Press View all tasks.
- Select a task and press Run.
That’s it. That’s all you need to do to keep your Mac running happily.
The invalid certificate error on the Mac can be very frustrating, especially if it keeps appearing. However, there are several things you can do to fix it. Just remember only to edit or delete certificates in your login keychain and not the one called System Root. Changing certificates in that keychain could cause more problems.
Hope this article helped you to fix the error!