Removing compromised system root certificates
Authored by: negritude on Sep 14, '11 08:04:19PM

My hint is better, since it removes ALL the compromised certificates, and works when using Keychain Access does not:

If you're still using Leopard or earlier and wish to remove the compromised certificates, you can do so manually by issuing the commands below in Terminal (you need an admin account). This works even when attempting to untrust or delete the certificates via Keychain Access does not:

sudo security delete-certificate -Z C060ED44CBD881BD0EF86C0BA287DDCF8167478C /System/Library/Keychains/SystemRootCertificates.keychain

sudo security delete-certificate -Z 59AF82799186C7B47507CBCF035746EB04DDB716 /System/Library/Keychains/SystemRootCertificates.keychain

sudo security delete-certificate -Z 101DFA3FD50BCBBB9BB5600C1955A41AF4733A04 /System/Library/Keychains/SystemRootCertificates.keychain

Also, if you want to be completely safe, you should remove DigiNotar's Extended Validation Certificate listing from EVRoots.plist. To edit that file you need to be root, and the simplest way I found was to enter the following command in a terminal:

sudo "/Developer/Applications/Utilities/Property List Editor.app/Contents/MacOS/Property List Editor" /System/Library/Keychains/EVRoots.plist

This gives the Property List Editor the necessary privileges to be able to save the file once you're done editing. Your copy of the PLE may be located in a different directory, and if so, you'll need to change the path appropriately.

Now look for the line that has this number:


Select it. Then click Delete in the menu. Then exit the Property List Editor. You'll be asked to save the file before it closes.

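A check to run before and after the delete-certificate commands in the comment above, as an added example that is not part of the original post: it reads the output of `security find-certificate -a -Z` and reports which of the three SHA-1 fingerprints are still in the keychain. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original comment.
# SHA-1 fingerprints copied from the delete-certificate commands in the comment.
TARGETS="C060ED44CBD881BD0EF86C0BA287DDCF8167478C
59AF82799186C7B47507CBCF035746EB04DDB716
101DFA3FD50BCBBB9BB5600C1955A41AF4733A04"
KEYCHAIN=/System/Library/Keychains/SystemRootCertificates.keychain

# Reads `security find-certificate -a -Z <keychain>` output on stdin and
# prints every target fingerprint that is still present, one per line.
still_present() {
    # Keep only the 40-hex-digit value of each "SHA-1 hash:" line, upper-cased.
    found=$(sed -n 's/^SHA-1 hash:[[:space:]]*\([0-9A-Fa-f]\{40\}\)[[:space:]]*$/\1/p' | tr 'a-f' 'A-F')
    for t in $TARGETS; do
        if printf '%s\n' "$found" | grep -qx "$t"; then
            printf '%s\n' "$t"
        fi
    done
}

# Constructed, trimmed sample of the tool's output: one target, one unrelated entry.
sample_output() {
cat <<'EOF'
SHA-1 hash: 59AF82799186C7B47507CBCF035746EB04DDB716
keychain: "/System/Library/Keychains/SystemRootCertificates.keychain"
class: 0x80001000
    "labl"<blob>="Constructed Example Root A"
SHA-1 hash: 0000000000000000000000000000000000000001
keychain: "/System/Library/Keychains/SystemRootCertificates.keychain"
class: 0x80001000
    "labl"<blob>="Constructed Example Root B"
EOF
}

# On a Mac, inspect the real keychain; elsewhere, run on the constructed sample.
if command -v security >/dev/null 2>&1; then
    security find-certificate -a -Z "$KEYCHAIN" | still_present
else
    sample_output | still_present
fi
```

Empty output means none of the three certificates remain in that keychain.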