2/15/10
7:49 am

Forum Question: Keychain root certificate from Apple not *trusted*

Hi,
I love your podcast – so first of all, thanks for these.

I have a question. I was cleaning up in my keychain certificates and noticed, that under ‘System’, I have a certificate listed from Apple called com.apple.systemdefault, which expires in 2027. This certificate is signed as not trusted. Any idea why Apple issues a certificate this way?

— John Dahl

Comments: 2 Responses to “Keychain root certificate from Apple not *trusted*”

    2/15/10 @ 7:53 am

    I’m not sure. Off the top of my head, I’d say there are two reasons why it could be listed as “not trusted” — one is that you don’t have an official certificate for your own root account. No one does. No one would pay for and obtain an external certificate for their own computer because they don’t need any external validation since it is their own machine. The other idea is that maybe if it is “trusted” that means you never have to log on to your own machine — which would be a security issue. You want to be able to at least have the option to log in on startup, etc. So “not trusted” could really mean “ask for password.”
    These are just two ideas. But this isn’t something I would worry about. If everything is working OK then I’m sure this keychain item is set up correctly.

      John Dahl
      2/16/10 @ 5:54 pm

      Thanks. Finally an answer I could use :)

Comments Closed.