Given the recent OSX issues with certificates and SSL, I want to increase the security of the certificate validation in general.
I came across a setting in the keychain that has a selection between best attempt and require if certificate indicates. The selection of always validate is greyed out.
When I do this, I get an error when using the app store "Unable to verify the preflight file". reverting to "best effort" seems to fix the issue.
How can I increase the security of my SSL / PKI certificate validation without breaking functionality of other apps?
Best Answer
This is a known bug in the App Store. Apple needs to fix it.
http://www.macworld.com/article/1162472/keep_your_mac_safe_from_web_security_flaws.html