Today I Learned

hashrocket A Hashrocket project

Trust Issues 🤔

Our computers trust a scary amount of <a href="" target="_blank">Root Certificate Authorites</a>, and sometimes I have trust issues with some of them. Most recently being the <a href="" target="_blank">StartCom</a> bug, which allowed anyone to get a certificate for any domain they wanted.

I can't trust them. Period. And I don't have to.

Here is how you can revoke trust for any Root CA in OSX:

  1. Open Keychain Access. <br />open /Applications/Utilities/Keychain\
  2. Click on System Roots from the left Keychains sidebar.
  3. Typestartcom in the search bar.
  4. Select all the root certificates and press ⌘i.
  5. Expand the Trust section<br>and change the option <br>When using this certificate<br> to<br> Never Trust.
See More #workflow TILs