Seeing warnings about an expired SSL certificate?

If you’re seeing warnings in your web browser or mail program saying that an SSL certificate has expired (whether it’s for our tigertech.net site, for a site we host, or for millions of other sites completely unrelated to us, like dictionary.com), that’s happening because a “root” SSL certificate distributed as part of your computer operating system has expired.

This can happen if you’re using a computer or program that hasn’t been updated for at least five years (that’s when Microsoft, Apple and others started providing replacement certificates with their updates).

There are many pages online that talk about this in technical terms, but the short answer to “how do I fix this” is to update your computer operating system if you can. That will fix everything.

If you can’t update your computer, you can use a recent version of the Mozilla Firefox web browser to avoid the problem when viewing websites. That works because Firefox includes its own updated root SSL certificates, instead of using the outdated ones that came with your computer and haven’t been updated.

If you’re using an old version of a mail program that shows an error, it may allow you to add an “exception” or check a box telling it to always trust the certificate anyway. That option may appear when you show the certificate details.

If it doesn’t allow that, you can either disable SSL in the settings of that mail program (for example, by unchecking the “Use SSL” checkbox in older versions of Apple Mail), or you can use the Firefox web browser to read your mail using webmail. Disabling SSL means the connection between the mail program and the mail server is no longer encrypted, so webmail is the safer of the two options. If you’re one of our customers, that’s at webmail.tigertech.net.

A fix for older Apple macOS computers

There’s also a slightly more complicated way to completely fix older macOS computers by adding the updated certificate to the “Keychain Access” app.

If you want to try this, first download the ISRG Root X1 certificate to your “Downloads” folder. Then double-click the downloaded “isrgrootx1.der” certificate file, which should open the “Keychain Access” app on your Mac and ask you for permission to “modify the system keychain”. Grant that permission.

If the “Keychain Access” app doesn’t automatically add the certificate, you can open “Keychain Access” manually, click System under “System Keychains”, click Certificates along the top of the window, then drag the “isrgrootx1.der” file into that window, again granting it access to modify the system keychain.

When the Keychain Access app shows that the ISRG Root X1 certificate is present, double-click it in the Keychain Access window and change the trust to “Always Trust”.

After those changes, the Mac should be able to access the sites without errors.
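
Before telling the Mac to always trust a downloaded root certificate, it’s worth confirming that the file is the genuine one. The script below is an added example, not part of the original article: it compares the SHA-256 of the downloaded “isrgrootx1.der” file with the fingerprint the certificate authority publishes on its own website. The function names and the two command-line arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example: check a downloaded root certificate before trusting it.
# Usage (hypothetical file name): sh verify_root.sh isrgrootx1.der "<published SHA-256 fingerprint>"
# A certificate's fingerprint is the hash of its DER encoding, so for a
# .der file it is simply the hash of the file. (A .pem file will not match.)

# Print the SHA-256 of a file as lowercase hex, using whichever tool exists.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1   # stock macOS
    fi
}

# Turn "AB:CD:..." or "ab cd ..." into lowercase hex with no separators.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Succeed only if the file exists and its hash equals the expected value.
# Returns 2 for a missing file and 3 for a malformed fingerprint.
fingerprint_matches() {
    [ -f "$1" ] || return 2
    expected=$(normalize_fp "$2")
    case "$expected" in
        *[!0-9a-f]*|"") return 3 ;;
    esac
    # A SHA-256 fingerprint is exactly 64 hex digits.
    [ "${#expected}" -eq 64 ] || return 3
    [ "$(file_sha256 "$1")" = "$expected" ]
}

if [ "$#" -eq 2 ]; then
    if fingerprint_matches "$1" "$2"; then
        echo "OK: $1 matches the published fingerprint"
        # Command-line equivalent of the Keychain Access steps on macOS:
        #   sudo security add-trusted-cert -d -r trustRoot \
        #       -k /Library/Keychains/System.keychain "$1"
    else
        echo "MISMATCH: do not trust $1" >&2
        exit 1
    fi
fi
```

Copy the expected fingerprint from the certificate authority’s own site over HTTPS, using a browser that already trusts it (such as a recent Firefox), not from the same place the file was downloaded.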