Ever since GlobalSign screwed up and revoked a bunch of correct HTTPS certificates on 13th October, the Guardian website has been rendering as HTTP on my laptop. That means no images, and, worse, ugly fonts.
It’s not been a huge problem, because it didn’t affect the iOS apps, and I expected that it would spontaneously revert at some point. But today I lost patience and decided to investigate properly.
The report on The Register provides a link to the GlobalSign website that describes how to delete the cached, revoked certificates, and recover a fully-functioning, secure internet. Globalsign rather sneakily doesn’t make any mention of why you might want to do it (i.e. their mistake).
To delete OCSP and CRL cache files in macOS Sierra, in the terminal, type:
sqlite3 ~/Library/Keychains/*/ocspcache.sqlite3 'DELETE FROM ocsp;'
For older OS versions:
sudo rm /var/db/crls/*cache.db
(Careful with that sudo rm!)