Certificate error for download.jetbrains.com


EAP downloads from downloads.jetbrains.com show a certificate warning on Chrome. thawte Extended Validation SHA256 SSL CA is not a trusted CA on my system.

OS X 10.9.4
Chrome Version 41.0.2272.104 (64-bit)


I am getting a similar error in Chrome 41.x on OSX 10.9.4

(was trying to download the IntelliJ 14.1 update at work)

Screen Shot 2015-04-13 at 10.24.28 AM.png

We've signed our certificate by very fresh CA from Thawte company (SHA256). So not all browsers/OS got updates.
If you update your system (just update MacOSX with last updates) - you'll get newest CA certificate from all certifacation companies and this error disappears.


This is exactly what this post was about: the certificate that you're using is not valid on some installations.

The suggestion to upgrade my system sounds a little peculiar. May I rather recommend that you contact the CA to request a refund for that broken certificate? After all, being installed as trusted CA is exactly why people are paying a lot of money for certificates... The current state is not better than a (free) self-signed certificate.


It's not broken certificate. It's just so fresh certificate because IT industry is going to replace SHA1 to SHA256 certificates.
If you update your OS to the last minor version this certificate will be trusted. It's normal to have your OS with last security fixes and updates.

Anyway this certificate affects some of our users so we're going to replace it with signed by SHA1 CA.


We've replaced certificate on https://download.jetbrains.com to signed by SHA1 CA.
Now your browser should not warn about any incompatibilities.



When I use the gateway, an error is reported.

then, when retry on my server, I had the same problem!!!!!!


Hello Juntongma 0860.

Could you please provide the output of the  echo | openssl s_client -servername download.jetbrains.com.cn -connect download.jetbrains.com.cn:443 2>/dev/null | openssl x509 -noout -dates -issuer -subject  command? I want to take a look at the certificate you receive. 


Olga Mulina 

Ive encountered a similar issue to the above SSL issue when trying to use dev containers, and at the last step it tries to download the IDE and I get the following.

2024-02-05 10:07:31,912 WARN exit code: 5 sh -c "/bin/sh -lc echo\ REMOTE_EXEC_OUTPUT_MARKER_\ \&\&\ wget\ -O\ /root/.cache/JetBrains/RemoteDev/dist/b4070a02d2cb7_goland-241.10840.30.tar.gz\ https://download.jetbrains.com/go/goland-241.10840.30.tar.gz"
--2024-02-05 10:07:32-- https://download.jetbrains.com/go/goland-241.10840.30.tar.gz
Resolving download.jetbrains.com (download.jetbrains.com)...,,, ...
Connecting to download.jetbrains.com (download.jetbrains.com)||:443... connected.
ERROR: The certificate of 'download.jetbrains.com' is not trusted.
ERROR: The certificate of 'download.jetbrains.com' doesn't have a known issuer.


The output from your SSL command is below:

echo | openssl s_client -servername download.jetbrains.com.cn -connect download.jetbrains.com.cn:443 2>/dev/null | openssl x509 -noout -dates -issuer -subject
Warning: Reading certificate from stdin since no -in or -new option is given
Could not find certificate from <stdin>
0021C60302000000:error:1608010C:STORE routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:

I was able to get some more details with the following:

openssl s_client -servername download.jetbrains.com -connect download.jetbrains.com:443                                                          
Connecting to
0021C60302000000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:ssl/statem/extensions.c:946:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 85 bytes and written 337 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 309408B58108D0E56F3F1D30099B74C9E4D9FF5BF33D17D283F7810CBBE0599C
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1707130250
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes

Hello, Ssorcnafets. Do you use any proxy in your network? If so, please make sure it is configured in the Settings | Appearance & Behavior | System Settings | HTTP Proxy.


Please sign in to leave a comment.