,

OS X Mavericks 10.9.2 Causes SSL Errors with Git and Bitbucket

,

I use git to protect myself from myself. When I write code for AVR, Arduino, iOS, OS X or even the web, I stick it in a git repository on bitbucket.org (it's free to have many private repos, so check it out) (thank you, Atlassian!). At the meltmedia office, we use the gitflow process of source code management to manage our projects and it works wonderfully. So, between home and the office, I use both github and bitbucket. Source code management ("SCM") is s-m-r-t smart and easy as pie (assuming making pies is indeed easy) with git. If I mangle the source code in my project, I can roll it back to a working state. If I want to try something out that will require major fiddling with the code in a project, I branch and fiddle. If it works, I merge it back in. If the experiment fails, I dump the branch like it never happened.

This post is the quick story about a couple of hours I lost thanks to a recent update to OS X Mavericks 10.9.2. Perhaps it will save someone some headaches, especially if they overthink things like I tend to do. If you have an avocado handy, it won't help much, but it won't hurt, either.

Using the following git command on OS X 10.9.2:

git push -u origin master

You see this error or something like it:

fatal: unable to access 'https://YourAccount@bitbucket.org/YourAccount/YouProject.git/': SSL certificate problem: Invalid certificate chain

That's not bueno at all. It's a problem with the DigiCert certificates used in OS X to verify Bitbucket.org and GitHub.com, er, whatever the proper technical description is for whatever SSL-type stuff that's going on there. Those details are not important to solving the problem.

The other nasty side-effect of this OS update was that Chrome was pitching a fit about those two websites, as well. It just flat-out would not load the pages from either github.com or bitbucket.org. Sadness.

Luckily for you, the fix will take only seconds. Sadly for me, it took a few hours of farting around the webs and reading through articles where people were not thinking about the problem from a Mac OS X standpoint. Here's the fix:

Mac OS X Keychain Access App Screenshot
Mac OS X Keychain Access App Screenshot

Go into you Keychain Access app, select "All Items" in the "Category" sidebar in the lower-left of the app's main screen, find the "DigiCert High Assurance CA-3" (not sure that the "-3" is always a 3; could be a "-1" or something) and the "DigiCert High Assurance EV Root CA" certificates and delete them.

We verified this worked on several different Mac computers. In Chrome, you may need to clear history and cache. At the very least, you will need to hold down the shift key and reload github.com or bitbucket.org to get that cleared up.

I hope this helped someone save some time.