Page MenuHomePhabricator

Chrome on OS X 10.11 ("El Capitan") does not trust Wikimedia certificates
Closed, DeclinedPublic


Chrome on OS X 10.11 ("El Capitan") does not trust our certificates, because the certificate chain contains the GlobalSign Root CA certificate, which uses a SHA-1 signature algorithm.

Screen Shot 2015-08-13 at 17.33.57.png (1×670 px, 197 KB)
Screen Shot 2015-08-13 at 17.34.12.png (1×1 px, 190 KB)

OS X 10.11 is currently released as a developer preview. A public release date has not yet been set, but it is widely expected to occur sometime this fall.

Event Timeline

ori raised the priority of this task from to Needs Triage.
ori updated the task description. (Show Details)
ori added projects: acl*sre-team, HTTPS.
ori added subscribers: ori, BBlack, Dzahn and 2 others.

I switched my Mac to El Capitan as well a week or two ago and ran into the same thing. It's a Chrome+ElCapitan bug that Chrome will eventually fix, not an issue with our servers/certs: . (SHA-1 Root-level certs don't actually matter and aren't supposed to make Chrome Red-X our site).

ori claimed this task.

Upstream bug.

FYI, as of El Capitan Beta 5 release + Chrome 44.0.2403.155, the issue seems to be resolved, although I'm not sure which update fixed it :)