SSL certificate verification failure in Chrome, Heartbleed bug?

Posted on

Problem :

For some reasons I’m running into SSL problems since a few days.
When trying to clone a git repository for example I receive the following error message:

fatal: unable to access 'https://someuser@bitbucket.org/somerepo.git/': SSL certificate problem: Invalid certificate chain

I was able to solve this issue by setting the following configuration option:

git config --global http.sslVerify false;

But when I try to access github.com or bitbucket.org through chrome I get the following:

HSTS failure

certification failure
certification failure

Unfortunately it’s in german but in short it says that the connection is affected by something. The failure type is HSTS failure. The second screen says that the certificate was signed by a unreliable deliverer.

I’m using Chrome (34.0.1847.116) on a Mac (OS X 10.9.2 (13C64)).

Any suggestions what could cause this issue or how to solve it?

Solution :

i’ve got the same problem since weeks (!), exactly same setup (chrome / mac os – newest versions), also from germany. anybody an idea?

workaround: use safari or firefox.

seems to be a chrome specific problem.

– update –

here is the solution:

https://productforums.google.com/forum/#!topic/chrome/Duu4y-d-PIU

  • delete false certificates
  • will be correctly recreated by system on reboot

This other answer helped me: https://superuser.com/a/788547.

It’s Mac OS X related, and it helps solving a problem that affects chrome in a similar way (with Github) because of a certificate that expired on July 26th 2014.

The steps that worked for me:

  1. Open Keychain (Applications / Utilities / Keychain)
  2. Go to Presentation -> Display expired certificates
  3. Find the “DigiCert High Assurance EV Root CA” certificate
  4. Close Chrome
  5. Download back this certificate from : https://www.digicert.com/digicert-root-certificates.htm
  6. Drag it to your “Session” keychain
  7. Restart Chrome
  8. Go to github, should be solved!

I’ve been having similar issues.

Try synchronizing your system clock with an internet time server. SSL connections check the date and time of the system so doing this fixed it for me.

This is what worked for me (mac, not able to open github):

  1. Open Keychain
  2. Select “View” -> “Show Expired Certificates”
  3. In the search box, type “Digi”. This should be enough to show any/all DigiCert certificates.
  4. Delete any certificates that have a red “X” icon (these are expired).
  5. Navigate to / reload GitHub. You should be allowed access.

Worth noting, I did not need a restart of Chrome or the OS.

Leave a Reply

Your email address will not be published. Required fields are marked *