Chrome on OS X 10.11 ("El Capitan") does not trust our certificates, because the certificate chain contains the GlobalSign Root CA certificate, which uses a SHA-1 signature algorithm.
OS X 10.11 is currently released as a developer preview. A public release date has not yet been set, but it is widely expected to occur sometime this fall.
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | BBlack | T104681 HTTPS Plans (tracking / high-level info) | |||
| Declined | ori | T109029 Chrome on OS X 10.11 ("El Capitan") does not trust Wikimedia certificates |
I switched my Mac to El Capitan as well a week or two ago and ran into the same thing. It's a Chrome+ElCapitan bug that Chrome will eventually fix, not an issue with our servers/certs: https://code.google.com/p/chromium/issues/detail?id=499506 . (SHA-1 Root-level certs don't actually matter and aren't supposed to make Chrome Red-X our site).
FYI, as of El Capitan Beta 5 release + Chrome 44.0.2403.155, the issue seems to be resolved, although I'm not sure which update fixed it :)