keychainsnow leopard
After the DigiNotar certificate debacle, I tried to remove their certificate from my Keychain. However, I think I deleted the wrong one. I am not sure which one it was, but trying to go to https://github.com in Chrome shows me a Error 202 (net::ERR_CERT_AUTHORITY_INVALID).
Whoops. How can I restore the default certificates into my keychain?
Every site I check that I have manually set as untrusted shows a warning. Perhaps things are changing on the servers so rapidly, different people doing the same actions are seeing different results.
Let's set aside the concept of blacklisting in general and certificate revocation like (CRL) or online verification like OCSP and just pick apart the mechanism of SSL certificates in the browser. I will set aside Chrome/Firefox/other browsers and just focus on Safari and the Mac Keychain as that's trouble enough for this post.
It was used to sign certificates that matched anything ending in google.com and they were spotted in use on sites that were certainly not google. This is a technological equivalent to someone constructing tunnels into a bank vault. Not plans to tunnel - but a working actual tunnel around a barrier everyone expected to be solid.
Now onto how to know why Safari didn't flag the site you listed as "bad".
I haven't deleted any certificates from the mac I'm on and just fired up the Keychain Assistant to use the Certificate Assistant (under the Keychain Access menu -> Certification Assistant -> Open...
In the small CA window, select continue, then View and Evaluate, then View and evaluate certificates, then continue.
As you can now see, https://as.digid.nl/ is serving up four certificates in the chain of trust:
In your question you stated you deleted the root key - if so, your safari is either cacheing the old values or when you looked, that site had a SSL certificate different than the one I saw making this answer. You'll have to reproduce the steps I just took to see which was the case.
In my case, I only had to mark the Staat der Nederlanden Root CA root certificate as untrusted to get Safari to balk and show this message when you load the site.
Since all the press is specific about only the DigiNotar Root CA as being bad, I am going to undo my change to not trust the Staat der Nederlanden Root CA.
I am going to mark the DigiNotar Root CA as never to be trusted and wait and see what Apple does. If you are interested in this sort of thing, do monitor the Apple Security page.
A report on forums.macrumors.com seems to be fairly similar to yours. This happens as well in Safari 5.1 and is very recent.
The solution was to delete:
~/Library/Preferences/com.apple.security.plist
Best Answer
You want the two files ending in *.keychain found in
/System/Library/Keychains(note that they may differ depending on your region, I'm not sure if things change depending on your geo-location).Unfortunately, there is no way to roll back unless you have a Time Machine backup, or the install files from the OS (then you can extract them using something like Pacifist).
Alternatively, you can run Keychain First Aid from the Keychain Access menu and hope it fixes things but those likely will only deal with errors or anomalies in your user's keychain, not the system's.
ATTENTION: For those in a similar position, these are all the files located under
/System/Library/Keychainsfrom a default installation of Snow Leopard 10.6.8 (in North America).