Yosemite 10.10.3 breaks some applications and HTTPS sites

The latest Yosemite update dropped the Geotrust/Equifax root certificate from its root store. Here's how to fix the problem

OS X Yosemite desktop 2

No one who has any experience with Apple was surprised when Mac OS X Yosemite 10.10 broke dozens of applications. Software developers had been working with Yosemite betas for months, so most had compatible versions of their applications ready for download within a day or two of Yosemite's release. Vendors of specialized applications often take longer, as InfoWorld's Paul Venezia discovered.

On the other hand, users and software developers alike expect minor version upgrades to fix bugs and introduce only new features that don't break stuff. But that's not the case with Yosemite 10.10.3, which broke a number of HTTPS websites, Web services, and applications that download content from those sites and services. 

I personally tripped over such a bug in Tableau Desktop: The application's Discover pane suddenly stopped working. The software developers at Tableau tracked the problem down to Apple, which had unilaterally dropped the Geotrust/Equifax root certificate from its root store. Tableau will upgrade the certificate on its site, but it shouldn't have to, as Geotrust warned vendors that the certificate was still in use (italics mine):

This root CA was the root used for all non-EV GeoTrust SSL Certificates up until July 22, 2010. This root will be needed to validate GeoTrust SSL certificates for many years to come and may still be used as part of a cross certification to ensure legacy applications continue to trust GeoTrust certificates. This root must continue to be included in root stores by vendors. Vendors should not plan on removing support for this root until officially advised that the root is no longer needed to support certificates or CRL validation.

Should you have such a problem, try the following workaround, which is entirely safe, but requires administrative permissions:

  1. From your Mac go to https://www.geotrust.com/resources/root-certificates.
  2. Download the cert: Root 1 - Equifax Secure Certificate Authority.
  3. From your Downloads folder, click the Equifax .pem file.
  4. When prompted to confirm adding the cert, in the Keychain app select System and click Add.
  5. Enter your password as prompted to modify the system keychain
  6. When asked if you want to trust certs signed by Equifax... from now on, click Always Trust.
  7. Enter your password to confirm this selection.
  8. Close and reopen your application or Web browser.

Note to Apple: It shouldn't be this hard. Total control over your own ecosystem was suppose to prevent this sort of nonsense, wasn't it? 


Copyright © 2015 IDG Communications, Inc.

How to choose a low-code development platform