Cannot access HTTPS websites after OSX El Capitan upgrade

Question

After upgrading to OSX El Capitan, I can no longer securely access any webpage with a HTTPS protocol, such as online banking or online retail checkouts. This appears to happen in all browsers (attempted Chrome and Safari) on OSX El Capitan.

Accessing a URL with a "https://" protocol in Chrome produces a warning screen that reads "Your connection is not private", with a "Back to safety" button. While I can circumvent this screen through the "Advanced" options, that seems like a bad idea. Curious if anyone else has encountered this issue while upgrading to El Cap, and if so, what they did about it.

Answer 1

I came across this support forum here, which was extremely helpful:

https://discussions.apple.com/thread/7254070?start=0&tstart=0

While my individual certificate settings were already configured as that post describes, I did find some invalidated VeriSign certificates that needed to be deleted. My solution:

• Launch Keychain Access app.
• Go to "My Certificates" in the left rail. Step through each certificate listing in the right-hand panel, and look for a little red "X" with an "invalid certificate" notice in the description. Delete invalid certificates from Keychain Access.
• Go to "Certificates" in the left rail, and again follow the above process of deleting invalid certificates marked with a red "X".
• Quit Keychain Access, and restart.

The issue seems to be that El Capitan has much tighter security controls, so older certificates with weaker security are rejected by the operating system, but not deleted. Then when accessing a HTTPS website that you've been to before, the existing certificate is recognized but seen as invalid. By deleting all invalidated certificates, these certificates will be reissued the next time you visit.