Messing around with Keychain Access on macOS Sierra, it seems like I have accidentally deleted trusted root certificates in Keychain Access.
What I did was opening a *.p7s file to add a S/MIME certificate. This threw an error:
An error occurred. Unable to import the certificate.
Error: -26276
, but still the certificate ended up being listed in Keychain Access. Next, opening Mail and creating a new Email I was able to use the certificate. I decided to delete the certificate from the Keychain and re-add it in order to resolve the error. Therefore I deleted all entries containing the name of the trusted source I have used for my certificate (I believe).
Now adding the same certificate again, still an error appears but the then listed entry says: This certificate was signed by an unknown authority, and Mail doesn't let me use it anymore…
I have also created and added a new certificate with the same authority leading to the same result.
Is it even possible I have deleted the default trusted root certificates from inside Keychain Access, or why else can I not use the certificate anymore? Is there a way to reset or fix it?
Best Answer
If you have in fact deleted a trusted root certificate, then you must
In order to trust the certificate, open it by double-clicking on it in the keychain, open the Trust section, then set When using this certificate: Always trust.
In order to make Mail accept the newly trusted certificate, it may be necessary to quit and re-start Mail.
If all fails, you could re-install your macOS over the existing installation which will most probably restore all pre-installed root certificates again.