2009 Mac Pro internet issues

[Happy4]

My Mac Pro, 2009 running El Capitan has ran just fine for years, but just recently it started to block websites that I visit daily with a "Your connection is not private" message and some other sites are scrambled as if there was a problem with the site, but everything works just fine on every other computer in the house.
This is happening with both Safari and Brave browsers. I've tried reinstalling my browser with no change. Any ideas?

 

[MacInWin]

That is a certification problem in the Internet created when a popularly used certification (not Apple) was allowed to expire. It appears that Safari, along with other browsers, caches the certificate hierarchies and verifies them when you return to the site. At that time the certificate in question is reported as expired and Safari throws up that message but doesn't seek a new certification path because of the cache. There is no fix AFAIK. There is no way to clear the cache, nobody has reported where it may be and so essentially we are stuck with it. If someone has a solution, it's being kept very quiet.

 

[pigoo3]

My Mac Pro, 2009 running El Capitan has ran just fine for years, but just recently it started to block websites that I visit daily with a "Your connection is not private" message and some other sites are scrambled as if there was a problem with the site, but everything works just fine on every other computer in the house.
This is happening with both Safari and Brave browsers. I've tried reinstalling my browser with no change. Any ideas?

I'm having the same issue (also have an older Mac Pro running El Capitan). I get the same problem with Chrome browser as well.

Member MacInWin spelled things out well...hopefully a solution is in the works.

Nick

p.s. Thread moved to better area (Desktops).

 

[pm-r]

but just recently it started to block websites that I visit daily with a "Your connection is not private" message and some other sites are scrambled as if there was a problem with the site,

I suddenly started getting the same messages about 2 weeks ago on my 201127" iMac running OS X 10.9 Mavericks and mainly using Google Chrome. And then they progressively gotten more and more and worse and worse. None of the solutions or suggested fixes that showed up with a Google search fixed anything properly, and I ended up figuring out a way to do it myself. BTW: a few sites started showing up on my wife's 2007 iMac running El Capitan using Firefox and Safari just a few days ago so I ran the same fix-it procedure as I will list below.

I discovered that when I got the"Your connection is not private" message, if you scroll down to the bottom of that window and click Advanced and then choose to carry on even though it says it might be unsafe to do so. That's assuming you do trust the site you are trying to access. The next time you go to visit that site, you probably won't get the warning page but the address will be showing red as not safe and no padlock etc. showing. If you want a more permanent fix and the site will show as trusted, carry on with what worked for me below.

Most of the problem certificates were listed in Keychain Access under System Roots and Category Certificates.
In the view menu, make sure to select "Show Expired Certificates". In the appropriately selected list they will now be shown with a red X in the Keychain access window.

Find the appropriate certificate name and double click it. Then click the "Trust" disclosure triangle and from the drop-down choice select "Always Trust" then provide your Mac username password and close the window.

The adjusted certificate will now have a blue circle with a white + mark in the middle. It may or may not disappear after a day or so but the site should work normally now.

Repeat the same procedure for any other certificate that might be giving you the same problem if you want a more permanent fixed.

I have no idea why the problem suddenly started for my and my wife's iMacs, and no sign of any problem when running Malwarebytes.

The settings should look like this when "fixed":


I hope this helps.


- Patrick
=======

 

[pm-r]

EDIT:
You should be able to see the site's certificate and name by clicking the address bar where the padlock would normally be and then the Certificate icon that should then display the certificate name that needs to be fixed. This example is from using Google Chrome:

 

[pigoo3]

Whew! Great to know Mac-Forums is good to go!

Haven't had any issues on my end (with Mac-Forums)...but sometimes never know what other folks are seeing around the world.

 

[pm-r]

Haven't had any issues on my end (with Mac-Forums)...but sometimes never know what other folks are seeing around the world.

No problems here with the Mac-Forums site or its certificate, I just happened to use it as an example and how to access the name of the certificate involved.

- Patrick
=======

 

[chscag]

Nice detective work Patrick!

 

[MacInWin]

Patrick, that work around can be dangerous. Yes, it works, but it does so because you are disabling the security system for those particular sites, one at a time. The problem was caused by a root level certificate that was allowed to expire and not renewed. Most sites have new lower level certificates that have a different path to a new root level certificate, but there seems to be a cache somewhere (not the one Keychain can see) where the certificates are stored. What your process does is to replace the certificates in that cache with your assurance that it's safe, even if it isn't. So the site appears, which is fine as long as nothing else goes wrong.

As I said, it works, but it is risky. Just want folks to know it isn't a solution, just a work-around that has that risk. There are other, even more risky, ways to make the problem go away, but they all share one thing--security checks are turned off.

Malwarebytes, DetectX Swift and any other scanner like Intego won't find anything because it's not malware, it's a cert that has expired and cascaded that failure through the system. I'm hoping that some wizard devises a way to clear the cache (wherever it is) and force the browsers to go looking again. I think it will have to be Apple, because I suspect the cache is in the secure part of the drive in Big Sur and probably Monterey.

 

[Rod]

I have had and had just yesterday that problem with visiting Airmail app Support Site of all things on Brave browser.
Searching for the site and going via the search result worked but the link in the Help menu did not. ¯\_(ツ)_/¯

 

[Happy4]

So, I think I've solved my issues. I updated my firmware to 5.1 and installed High Sierra.
Everything seems to be working fine now. I'll probably go to Mojave while I'm at it, but I might wait a day or two while I check things out.

 

[MacInWin]

So, I think I've solved my issues. I updated my firmware to 5.1 and installed High Sierra.
Everything seems to be working fine now. I'll probably go to Mojave while I'm at it, but I might wait a day or two while I check things out.

That set of actions emptied and erased the cache, so now when you go to a site, the browser fetches a new certificate, which has NOT expired. I had thought about doing that myself, but it's a drastic solution.

 

[Happy4]

That set of actions emptied and erased the cache, so now when you go to a site, the browser fetches a new certificate, which has NOT expired. I had thought about doing that myself, but it's a drastic solution.

I thought the same until I did it, but it was actually very easy to do, and it will allow me to hopefully get some more years out of this machine. Still works like a champ.

 

[MacInWin]

Oh, yes, I'm not critical of what you did, but for the average user the idea of a clean wipe and installation is a bit frightening. And for those who are not frightened by the prospect, it's still a real PITA to do.

 

[pm-r]

So, I think I've solved my issues. I updated my firmware to 5.1 and installed High Sierra.

What exactly is the "firmware 5.1" you installed???


- Patrick
=======

 

[Happy4]

Oh, yes, I'm not critical of what you did, but for the average user the idea of a clean wipe and installation is a bit frightening. And for those who are not frightened by the prospect, it's still a real PITA to do.

After the firmware update, the installation of High Sierra was just an update and all files and apps were still there. In fact, some of my apps had fresh updates that were not available before.

What exactly is the "firmware 5.1" you installed???


- Patrick
=======

I don't think I can post links, but a quick "2009 Mac pro firmware update" search will show you everything you need to know, and the links to go with it. The 2010 motherboards were the same as mine except for the firmware, like the bios on a PC. My Mac Pro now thinks it's a 2010 so I could update it with better processors and faster ram if I want to, but just having a newer OS on it is a bonus.
Nothing was lost, although I made sure to have a fresh Time Machine backup in case anything went wrong. I am by no means a super user or anything close, and I found it really easy.

 

[pigoo3]

What exactly is the "firmware 5.1" you installed???

It's a firmware update that can be used on 2009 4,1 Mac Pro's...and basically turns them into 2010 5,1 Mac Pro's.

This is a very handy update...since (officially) 4,1 Mac Pro's have a maximum macOS of El Capitan (10.11). With the 5,1 firmware update/upgrade...max macOS that can be installed is High Sierra (10.13).

Finally with a "metal" compatible graphics card...this same Mac Pro can/could be upgraded to macOS Mojave (10.14).

Nick

 

[pm-r]

What exactly is the "firmware 5.1" you installed???

a quick "2009 Mac pro firmware update" search will show you everything you need to know, and the links to go with it. The 2010 motherboards were the same as mine except for the firmware, like the bios on a PC. My Mac Pro now thinks it's a 2010 so I could update it with better processors and faster ram if I want to,

It's a firmware update that can be used on 2009 4,1 Mac Pro's...and basically turns them into 2010 5,1 Mac Pro's.

Thanks for the info.
I guess I didn't realize that some Mac models have such a legit Apple firmware update available. Too bad they are not available for more models.


- Patrick
=======

 

[chscag]

I guess I didn't realize that some Mac models have such a legit Apple firmware update available. Too bad they are not available for more models.

Firmware updates can be disastrous if not done right or if the wrong firmware inadvertently gets installed. You may wind up with a fancy looking brick.

 

[Rod]

Just a "silly" question here but does OnyX empty the cache in question, it has full system access?