Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

bzgnyc2

macrumors regular
Original poster
Dec 8, 2023
175
188
I am curious what is expected as far as certificate (e.g. SSL) maintenance? I booted into Catalina the other day and tried to access forums.macrumors.com with Safari only to find out that its new certificate required that I have a new root certificate (Globalsign R6): https://forums.macrumors.com/thread...i-try-to-access-forums-macrumors-com.2418642/

I then downloaded that certificate from Globalsign and installed it with Keychain but the system wouldn't use it unless I marked it Always Trust. While I was in the mood I also checked DigitCert for similar issues and downloaded a few of their root certificates. Some of them required Always Trust but some of them didn't.

Questions:
  • Why do some root certificates require manual marking with Always Trust and some don't?
  • Do people periodically manually manage and update their systems' root/intermediate certificates or are most people avoiding this because Apple's updates takes care of this under the hood?
  • Do you have any best practices as far as keeping certificates up-to-date and installing/trusting them?
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.