Removing compromised system root certificates

Sep 14, '11 07:30:00AM

Contributed by: rejetton

This hint shows how to remove the DigiNotar System Root certificate. You must be an administrator to take this action.

Open Keychain Access, and select System Roots under Keychains. Type 'diginotar' in the search field on the upper right. When I did this, only a single certificate was left in the list of certificates. Select that certificate and press the delete key. Confirm that you want to delete it, and expect to enter your password.

Note: I right-clicked on this certificate and selected 'delete' a couple of times, but that did nothing.

[crarko adds: This hint was actually submitted prior to the release of Apple Security Update 2011-005 for Lion and Snow Leopard. That update handles this issue for those versions of the OS, but there is no update for Leopard or earlier systems, so these still require manual fixing. For stronger measures than what is included in this hint, I refer you to this excellent article on the subject.]
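A Terminal check that the removal described above took effect, as an added example that is not part of the original hint. It assumes the `security` command-line tool and the usual System Roots keychain path; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Path of the "System Roots" keychain (assumed default; override with ROOTS=...).
ROOTS="${ROOTS:-/System/Library/Keychains/SystemRootCertificates.keychain}"

# Constructed sample of `security find-certificate -a` output, for offline testing.
SAMPLE='keychain: "/System/Library/Keychains/SystemRootCertificates.keychain"
class: 0x80001000
attributes:
    "alis"<blob>="DigiNotar Root CA"
    "labl"<blob>="DigiNotar Root CA"
keychain: "/System/Library/Keychains/SystemRootCertificates.keychain"
class: 0x80001000
attributes:
    "alis"<blob>="Example Root CA"
    "labl"<blob>="Example Root CA"'

# Read `security find-certificate -a` output on stdin and print the label
# ("labl" attribute) of every certificate item, one per line.
cert_labels() {
    sed -n 's/^[[:space:]]*"labl"<blob>="\(.*\)"[[:space:]]*$/\1/p'
}

# Count the labels on stdin that contain $1, ignoring case.
# grep exits non-zero when the count is 0, so the status is normalised.
count_matches() {
    grep -i -c -- "$1" || true
}

# Return 0 if no certificate whose label contains $1 is left in $ROOTS,
# 1 if at least one remains, 2 if the `security` tool is not available.
root_removed() {
    command -v security >/dev/null 2>&1 || return 2
    n=$(security find-certificate -a "$ROOTS" 2>/dev/null | cert_labels | count_matches "$1")
    [ "$n" -eq 0 ]
}

# Run the check only where the tool exists (i.e. on the Mac being cleaned).
if command -v security >/dev/null 2>&1; then
    if root_removed diginotar; then
        echo "OK: no DigiNotar certificate in $ROOTS"
    else
        echo "Still present in $ROOTS:"
        security find-certificate -a "$ROOTS" | cert_labels | grep -i diginotar
    fi
fi
```

Filtering the full listing with a case-insensitive match mirrors typing 'diginotar' into the Keychain Access search field.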

Mac OS X Hints