30

Since the update to OS X 10.9.2 I am not able to clone any git repository from github.com.

If I run the git clone command I get the following error:

git clone https://github.com/davedelong/DDMathParser.git
Cloning into 'DDMathParser'...
fatal: unable to access 'https://github.com/davedelong/DDMathParser.git/': SSL certificate problem: Invalid certificate chain

It does not matter which repository I use. I also tried it with the Github desktop client.

So I checked the SSL certificate from github.com via Safari and got the info that the SSL cert is not valid.

Here is a screenshot of my problem: https://dl.dropboxusercontent.com/u/215017/github_problem.png

Any ideas? Is my SSL certificate broken?

patrickS

6 Answers

41

I recently (Jul 2014) had a similar issue and found on OS X (10.9.4) that a "DigiCert High Assurance EV Root CA" certificate had expired (although I had another unexpired one as well).

  1. Open Keychain Access
  2. Search Certificates for "DigiCert"
  3. View menu > Show Expired Certificates

I found two certificates named "DigiCert High Assurance EV Root CA", one expiring Nov 2031 and the expired one at July 2014 (a few days previously). Deleting the expired certificate resolved the issue for me.

Hope this helps.

craigb
13

I fixed my problem by checking my Keychain (Applications -> Utilities -> Keychain Access.app).

I figured out that I had my own DigiCert certificate in my login Keychain. It looks like this was broken. I have removed it and after this everything works fine.

Now https://github.com has a green "button" in the URL bar instead of a grey one.

patrickS
6

Go to the Keychain in OSX and look for "Digicert High Assurance EV Root CA-1" and remove it. Then access Github again via Safari.

Try whatever git operation after that and it should work.

Hope it helps.

frandevel
4

EDIT: Looks like @craigb's answer is the same solution. I'll leave my answer here because it links to the official blog posting on how to fix it and has a screenshot.


Using GitHub for Mac on OS X Mavericks, out of the blue, on my laptop and my work computer, I started getting the below errors …

Here's the error I got for cloning:

warning: templates not found /Applications/GitHub.app/Contents/Resources/git/templates
fatal: unable to access 'https://github.com/mhulse/xxxxxx.git/': SSL certificate problem: Invalid certificate chain (128)

… and here's the error I get for syncing:

fatal: unable to access 'https://github.com/mhulse/xxxxxx.git/': SSL certificate problem: Invalid certificate chain (128)

Long story short, I just found this post which has this explanation and fix:

The expired certificate in question is the “DigiCert High Assurance EV Root CA” [Expiration July 26, 2014] certificate. This temporary intermediate certificate was used in years past as part of a compatibility chain for older devices.

...

OS X users can resolve the issue by deleting the certificate from their Login keystore using Keychain Access.

Here's a 4-step fix:

In Keychain Access go to View -> Show Expired Certs and search for “DigiCert High” to find the DigiCert High Assurance EV Root CA that expired on July 26, 2014. Delete this certificate and close Keychain Access.

fix keychain access

That fixed the problem for me!

mhulse
0

Thought I should mention this: I recently had to update curl, wget and openssl for some Linux boxes, in order to use the TLS-1.2 crypto stuff (old default was TLS 1.0). Fired up the Macbook, & I got an error with "git clone" also. But SSL/TLS is OK there. Git said: "fatal: unable to access '': SSL certificate problem: Invalid certificate chain". Tried everything above, deleted expired certs from system keychain, etc., but still error msg from git clone attempts. Went thru a real exercise checking everything. Finally I noticed in the MacOS keychain.app prgm, that a 2015 certificate and a 2017 cert were both showing as not expired.

Turns out the Macbook system date was set to "Feb. 2015" (current date is Feb. 20, 2020!) Once I just reset the laptop's date, "git clone" and "git pull" worked fine. (Just click on date, on top right screen, select: "Open Date/Time Preference", and set your machine date to update automatically by checking the box.) I had a self-signed cert that had expired in 2017 or something, and I think I might have set the date back, to get something from Apple, related to their Developer Account stuff. This is such a silly mistake. Always make sure the landing gear is down, before landing.
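Added example, not part of any answer on this page: a check for the two conditions the answers above describe, an expired certificate sitting beside a valid one of the same name, and a wrong system clock changing which certificates count as expired. It assumes the keychain's certificates have already been dumped as subject/notAfter line pairs in the style of `openssl x509 -noout -subject -enddate`; the sample data and the names `parse` and `audit` are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample (times of day and the dev.example.test entry are made up).
SAMPLE = """\
subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
notAfter=Jul 26 00:00:00 2014 GMT
subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
notAfter=Nov 10 00:00:00 2031 GMT
subject=CN = dev.example.test
notAfter=Jun  1 00:00:00 2017 GMT
"""

REAL_NOW = datetime(2020, 2, 20, tzinfo=timezone.utc)    # correct date
STALE_CLOCK = datetime(2015, 2, 1, tzinfo=timezone.utc)  # clock set back

def parse(text):
    """Yield (common_name, not_after) for each subject/notAfter pair."""
    cn = None
    for line in text.splitlines():
        if line.startswith("subject="):
            # Handles both "CN = x" and the older "/CN=x" subject styles.
            m = re.search(r"\bCN\s*=\s*([^,/]+)", line)
            cn = m.group(1).strip() if m else line[len("subject="):].strip()
        elif line.startswith("notAfter=") and cn is not None:
            stamp = line[len("notAfter="):].strip()
            when = datetime.strptime(stamp, "%b %d %H:%M:%S %Y GMT")
            yield cn, when.replace(tzinfo=timezone.utc)
            cn = None

def audit(text, now):
    """Return (expired names, names with both an expired and a valid copy)."""
    by_name = defaultdict(list)
    for cn, not_after in parse(text):
        by_name[cn].append(not_after <= now)  # True means expired at `now`
    expired = sorted(n for n, f in by_name.items() if any(f))
    shadowed = sorted(n for n, f in by_name.items() if any(f) and not all(f))
    return expired, shadowed

if __name__ == "__main__":
    print("correct clock:", audit(SAMPLE, REAL_NOW))
    print("stale clock:  ", audit(SAMPLE, STALE_CLOCK))
```

With the stale clock the 2017 certificate no longer shows up as expired, which matches what the answer above saw in Keychain Access.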

-2

In my case, adding or removing intermediate certs is not enough to solve the problem. I had to remove all certificates by unknown authority in the Login Keychains. It isn't shown by the icon, you have to highlight each one to see something like this:

this picture

These certs were added when you clicked "Continue" on a browser warning. Hope this additional info helps.

8bittree
Adinda