To locate the right certificate :
Just use Issued By and Expiration Date, search for certificate issued by DST ROOT CA X3, and expired around 29-30 sept 2021.
Install new certificate :
Download this : https://letsencrypt.org/certs/isrgrootx1.der
Double click it.
Then, Choose Local Machine, Next
Choose Place all Certificates in the following store, and then choose “Trusted Root Certification Authorities” folder
Thanks for this post. One point of clarification, in your “Right click, and press delete” I think could use some clarification that the user would ONLY be deleting the specific certs you referenced earlier – not the whole folder. Just a linguistic clarification.
That said, is the deletion even necessary? I would have thought you could just install the missing CA certs and be done with it.
Also note, this problem will repeat itself at some other time in the future, for those who are running out-of-support OSes.
@dokey@fofkla In Keychain Access (on my Mac) there is no ‘ISRG Root X1’ at all. Also no ‘DST Root CA X3’.
Problems are the same as before: half of the websites I cannot open anymore on BRAVE and I cannot watch films or programs anymore on CHROME.
So I really started to dislike BRAVE and CHROME for not caring at all to solve this, so that everyone can use it. Especially with CHROME. I depend on it, because programmers only use CHROME as standard for video films and video programs. Hope there will be other possibilities SOON…
Hi @liv Did you try ? ==> Install Mozilla FireFox and Export ISGR Root X1 CA ( settings->Manage certificates->view certificates->authorities->ISGR Root X1->export ) and Install it on Brave ( brave://settings/security → Manage certificates → install ).
The last bit will launch Keychain Access where you can import the ISRGRootX1.crt file you exported from Mozilla. Hope these precisions help. Good luck.
I can get under Privacy-Security to “Manage Security Settings: Manage HTTPS/SSL certificates and settings”. When I click on that I get to Key Chain Access. There is no ‘Import’ there, but there a ‘+’. If I click on that I get “Keychain Item Name:” and when I copy/paste the ISGR Root X1 nothing happens. I do not get the option to add this.
Maybe I should open System Roots? I did, but then I cannot use the ‘+’ to add ISGR Root X1 (that I copied from Firefox). Under ‘Certificates’ there are many already present and none of them is expired. Yet I do not see a way to add another certificate. The ‘+’ does not work.
Is there still a way to solve this?
Should I upgrade the Brave? Is this still possible for MacOs 10.10.5? Which one of these would still work with MacOs 10.10.5?
@fofkla,
Thank you for the very helpful video.
Users on macOS can also try the following solutions below which has solved the problem for other macOS users:
I don’t understand why Chrome/Brave doesn’t handle certificates like Firefox… This can save many hours for everybody… That’s why Firefox can continue to surf the internet without this kind of massive problem.
Right click on it and click Get Info, then click on Trust and the last step change the option of **When using this certificate ** to Always Trust after you do this you will be prompted to enter your password, after you have done all this close keychain access and then restart brave.
Not sure if anyone is still having this issue, but all I had to do to fix it was download and install security update for whatever version of windows you have. The file will be called KB####### with the #'s being numbers. Good luck citizen.