Our computers trust a scary amount of Root Certificate Authorites, and sometimes I have trust issues with some of them. Most recently being the StartCom bug, which allowed anyone to get a certificate for any domain they wanted.
I can’t trust them. Period. And I don’t have to.
Here is how you can revoke trust for any Root CA in OSX:
- Open Keychain Access.
open /Applications/Utilities/Keychain\ Access.app
- Click on
System Rootsfrom the left
startcomin the search bar.
- Select all the root certificates and press
- Expand the
and change the option
When using this certificate