Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.


macrumors regular
Original poster
Dec 8, 2023
I am curious what is expected as far as certificate (e.g. SSL) maintenance? I booted into Catalina the other day and tried to access with Safari only to find out that its new certificate required that I have a new root certificate (Globalsign R6):

I then downloaded that certificate from Globalsign and installed it with Keychain but the system wouldn't use it unless I marked it Always Trust. While I was in the mood I also checked DigitCert for similar issues and downloaded a few of their root certificates. Some of them required Always Trust but some of them didn't.

  • Why do some root certificates require manual marking with Always Trust and some don't?
  • Do people periodically manually manage and update their systems' root/intermediate certificates or are most people avoiding this because Apple's updates takes care of this under the hood?
  • Do you have any best practices as far as keeping certificates up-to-date and installing/trusting them?
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.