Keychain/Certificate Maintenance – MacRumors Forums

by | Feb 14, 2024 | SSL Certificate News | 0 comments

JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser[1].

bzgnyc2[2]

macrumors member


Original poster


I am curious what is expected as far as certificate (e.g. SSL) maintenance? I booted into Catalina the other day and tried to access forums.macrumors.com with Safari only to find out that its new certificate required that I have a new root certificate (Globalsign R6): https://forums.macrumors.com/thread…i-try-to-access-forums-macrumors-com.2418642/

I then downloaded that certificate from Globalsign and installed it with Keychain but the system wouldn’t use it unless I marked it Always Trust. While I was in the mood I also checked DigitCert for similar issues and downloaded a few of their root certificates. Some of them required Always Trust but some of them didn’t.

Questions:

  • Why do some root certificates require manual marking with Always Trust and some don’t?
  • Do people periodically manually manage and update their systems’ root/intermediate certificates or are most people avoiding this because Apple’s updates takes care of this under the hood?
  • Do you have any best practices as far as keeping certificates up-to-date and installing/trusting them?

[4]

References

  1. ^ alternative browser (www.google.com)
  2. ^ bzgnyc2 (forums.macrumors.com)
  3. ^ Today at 6:43 AM (forums.macrumors.com)
  4. ^ https://forums.macrumors.com/thread…i-try-to-access-forums-macrumors-com.2418642/ (forums.macrumors.com)

Source

Submit a Comment

Your email address will not be published. Required fields are marked *