Let me preface this with the fact that I know nothing about networking / security / etc. Twice now, I've had issues with root certificates not working and throwing errors, even though they are still valid.
Here's the link to my last post that was was fixed after an update to the OS (at this point, I cannot update any further, as my system is frozen based on older software that requires it).
Safari can't verify the identity of the website errors
Now, the same issue happened again and I can't figure out what to do. I've been worried that this is a MiTM attack, but didn't know what to do to fix it at this point. I deleted the key in question that had a red x next to it in Keychain and tried to reinstall the keys through Pacifist, but its still not working (also, I dont see the Key now after using the Pacifist method, so I'm not sure how to get it back, but the websites are still throwing errors.
If anyone has any suggestions to fix the issue (as I would like to safely get into some websites that requires this), or a solution to the overall problem, I would be EXTREMELY happy (I will be offering reputation points as soon as the option is open or will send directly, if its possible to do, if someone helps me to fix this sooner than that).
I'm on OS 10.8.5 currently.
EDIT:
I installed it and it now says, under "InCommon RSA Standard Assurance Client CA" – This certificate was signed by an unknown authority." I also have 3 to 4 other login certificates that are showing errors, each one of them has some sort of message about the "InCommon RSA Standard Assurance Client CA." Strangely, theres another certificate that is showing no errors that is signed by the InCommon RSA Standard Assurance CLient CA, but with a different expiration date. I'm lost. I can post photos of all the errors if necessary.
UPDATE:
Upgraded from 10.8.5 to 10.10.5. Certificate issues still persist.
Best Answer
One should never delete a Root Certificate.
And you should never delete a Root Certificate that has been Marked as Invalid before its expiration Date has been reached.
There was a reason why it was marked as invalid.
Mostly because the Issuer of the Certificate mark it as invalid (this could have been done because he got hacked or whatever could have compromised his Root Certificate).
Now you/your Browser don't have the Root Certificate so you/your Browser aren't able to validate any Certificate which is trusted by this Root.
So it depends on the Browser and how it handles Certificates of a Root it doesn't know.
If the Browser acts correct he will show you each Certificate based on this Root as invalid but some Browsers (at least in Past) didn't handle this correct and would have shown Certificates without a Root they know as valid.