In Keychain Access it looks like you can only untrust/delete certificates one at a time.
But there are a lot of certificates I want to get rid of. How can I take care of them all at the same time?
Also, what are the minimum certificate requirements? Is it possible to make the system unusable by untrusting a certificate?
Best Answer
If You want to change set of system root certificates, they are in /System/Library/Keychains/. Example of using security there is in this answer to similar question.