Our computers trust a scary number of Root Certificate Authorities, and sometimes I have trust issues with some of them. Most recently it was the StartCom bug, which allowed anyone to get a certificate for any domain they wanted.
I can’t trust them. Period. And I don’t have to.
Here is how you can revoke trust for any Root CA in OS X:
- Open Keychain Access.
  `open /Applications/Utilities/Keychain\ Access.app`
- Click on `System Roots` from the left `Keychains` sidebar.
- Type `startcom` in the search bar.
- Select all the root certificates and press `⌘i`.
- Expand the `Trust` section and change the option `When using this certificate` to `Never Trust`.
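
The same change can be scripted with the `security` command-line tool that ships with macOS. This is an added example, not part of the original post: it assumes the deny setting goes into the per-user trust domain, and the function names `split_pem` and `distrust_roots` are made up for illustration.

```bash
#!/bin/bash
# Added example: per-user CLI equivalent of the Keychain Access steps above.
# Assumes macOS's built-in `security` tool; function names are hypothetical.

ROOTS=/System/Library/Keychains/SystemRootCertificates.keychain

# Split a concatenated PEM stream on stdin into DIR/cert-N.pem, one per cert.
# Lines outside BEGIN/END markers are dropped.
split_pem() {
  awk -v dir="$1" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
    out { print > out }
    /-----END CERTIFICATE-----/   { close(out); out = "" }
  '
}

# Mark every system root matching NAME as "Never Trust" for the current user.
# Prints the number of certificates that were denied.
distrust_roots() {
  name=$1
  tmp=$(mktemp -d) || return 1
  # -a: all matches, -c: match on name, -p: PEM output
  security find-certificate -a -c "$name" -p "$ROOTS" | split_pem "$tmp"
  count=0
  for pem in "$tmp"/cert-*.pem; do
    [ -e "$pem" ] || continue   # glob matched nothing
    # Without -d the setting lands in the user trust domain, not the admin one.
    security add-trusted-cert -r deny "$pem" || { rm -rf "$tmp"; return 1; }
    count=$((count + 1))
  done
  rm -rf "$tmp"
  echo "$count"
}

# Run only when a name is given, e.g.: ./distrust.sh StartCom
if [ "$#" -gt 0 ]; then
  distrust_roots "$1"
fi
```

Afterwards, `security dump-trust-settings` lists the user trust settings so the deny entries can be confirmed.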