I am curious what is expected as far as certificate (e.g. SSL) maintenance? I booted into Catalina the other day and tried to access forums.macrumors.com with Safari only to find out that its new certificate required that I have a new root certificate (Globalsign R6): https://forums.macrumors.com/thread...i-try-to-access-forums-macrumors-com.2418642/
I then downloaded that certificate from Globalsign and installed it with Keychain but the system wouldn't use it unless I marked it Always Trust. While I was in the mood I also checked DigitCert for similar issues and downloaded a few of their root certificates. Some of them required Always Trust but some of them didn't.
Questions:
I then downloaded that certificate from Globalsign and installed it with Keychain but the system wouldn't use it unless I marked it Always Trust. While I was in the mood I also checked DigitCert for similar issues and downloaded a few of their root certificates. Some of them required Always Trust but some of them didn't.
Questions:
- Why do some root certificates require manual marking with Always Trust and some don't?
- Do people periodically manually manage and update their systems' root/intermediate certificates or are most people avoiding this because Apple's updates takes care of this under the hood?
- Do you have any best practices as far as keeping certificates up-to-date and installing/trusting them?