New To Mac-Forums?

Welcome to our community! Join the discussion today by registering your FREE account. If you have any problems with the registration process, please contact us!

Get your questions answered by community gurus Advice and insight from world-class Apple enthusiasts Exclusive access to members-only contests, giveaways and deals

Join today!

 
Start a Discussion
 

Mac-Forums Brief

Subscribe to Mac-Forums Brief to receive special offers from Mac-Forums partners and sponsors

Join the conversation RSS
OS X - Apps and Games Discussion of applications and games available for Mac OS X.

Keychain has untrusted certificate


Post Reply New Thread Subscribe

 
Thread Tools
DreamingFox

 
DreamingFox's Avatar
 
Member Since: Mar 31, 2008
Posts: 27
DreamingFox is on a distinguished road

DreamingFox is offline
Hello,

I'm a week & a half into my new MBP (love it), and in the process of setting up Keychain to manage my passwords.

I downloaded an update (I *think* it was from apple - sorry, getting old and have CRS disease) that's making me uncomfortable, because when I look in System Keychains, there are a total of six listed in two categories:
com.apple.kerberos.kdc
com.apple.systemdefault

2 are public, 2 are private, and 2 are "certificate".

The "certificates" are marked with a red X and noted "This root certificate is not trusted".

Can someone tell me whether I should be worried, and if not, why not?
QUOTE Thanks
DreamingFox

 
DreamingFox's Avatar
 
Member Since: Mar 31, 2008
Posts: 27
DreamingFox is on a distinguished road

DreamingFox is offline
I guess nobody knows the answer to that question, so how about this one:

I can enter my password and unlock the System keychain - would it hurt anything to delete the two untrusted certificates?

They are "self-signed root certificates" that expire 3/26/28.
QUOTE Thanks
AlyciaAnimation

 
Member Since: Mar 04, 2008
Posts: 477
AlyciaAnimation has a spectacular aura about

AlyciaAnimation is offline
I have them too. I don't really understand what certificates are, so my rule is if I don't know what something is I just leave it alone.

Too many people just go and delete things they don't know what they are and then things go wrong and they can't log into their computer.

I have no reason to believe that these files aren't from apple. Especially if you just got your computer, I doubt apple would send it to you with something bad on it out of the box.
QUOTE Thanks
DreamingFox

 
DreamingFox's Avatar
 
Member Since: Mar 31, 2008
Posts: 27
DreamingFox is on a distinguished road

DreamingFox is offline
Well, I was kind of assuming that they arrived with the add-in I installed (it had something to do with making Keychain easier to use), but if you've got them too, then that rules that out.

I do find it slightly disturbing that Apple will ship something with untrusted certificates - so far, nearly everything with my Mac experience has been great, and again, I just don't quite get why Apple wouldn't fix this - it seems like it should be easy to do.

Anyway, thanks for the response.
QUOTE Thanks
skaheadpunk

 
skaheadpunk's Avatar
 
Member Since: Jan 12, 2008
Location: Leicester, England
Posts: 1,760
skaheadpunk has a spectacular aura about
Mac Specs: MacBook, iPod Classic, 8GB 3G iPhone, Time Capsule

skaheadpunk is offline
Sorry, did you download this with the Software Update thing?
QUOTE Thanks
Aptmunich

 
Aptmunich's Avatar
 
Member Since: Mar 09, 2004
Location: Munich
Posts: 9,073
Aptmunich has a brilliant futureAptmunich has a brilliant futureAptmunich has a brilliant futureAptmunich has a brilliant futureAptmunich has a brilliant futureAptmunich has a brilliant futureAptmunich has a brilliant futureAptmunich has a brilliant futureAptmunich has a brilliant futureAptmunich has a brilliant futureAptmunich has a brilliant future
Mac Specs: Aluminium Macbook 2.4 Ghz 4GB RAM, SSD 24" Samsung Display, iPhone 4, iPad 2

Aptmunich is offline
Quote:
Originally Posted by DreamingFox View Post
Well, I was kind of assuming that they arrived with the add-in I installed (it had something to do with making Keychain easier to use), but if you've got them too, then that rules that out.

I do find it slightly disturbing that Apple will ship something with untrusted certificates - so far, nearly everything with my Mac experience has been great, and again, I just don't quite get why Apple wouldn't fix this - it seems like it should be easy to do.

Anyway, thanks for the response.
Those are both "self-signed root certificates", which AFAIK basically means that using those certificate you can create your own certificates that you (or your system) can sign.

Either that, or they're just needed by the system for internal signing of things...

Again, I'm not really sure on this, but I have them as well, so I think you're good just leaving them.
QUOTE Thanks

Post Reply New Thread Subscribe


« Firefox 3 beta 5 is out. | Configuring Gmail IMAP labels/folders on iPhone & Apple Mail 3.0 »
Thread Tools

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off
Forum Jump

Similar Threads
Thread
Thread Starter
Forum
Replies
Last Post
Problems with MySQL scorpionbilli Web Design and Hosting 18 04-29-2008 08:07 PM
Keychain Driving Me Crazy Steve1 OS X - Apps and Games 3 12-26-2007 12:28 PM
Keychain Sharing Help lovinmymac Switcher Hangout 0 10-11-2007 09:23 PM
EAP-TLS - "This certificate has an invalid issuer." upenox OS X - Operating System 1 08-11-2007 01:43 PM
Apple Keychain First Aid Murlyn Running Windows (or anything else) on your Mac 6 09-19-2006 08:53 PM

All times are GMT -4. The time now is 02:32 AM.

Powered by vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
X

Welcome to Mac-Forums.com

Create your username to jump into the discussion!

New members like you have made this community the ultimate source for your Mac since 2003!


(4 digit year)

Already a member?