On my system when I check Keychain Access I often find new certificates. They get put there behind the scenes. Is that normal? When does this happen? Is there a way I can get alerted when a certificate gets added to the keychain?
Where do certificates come from
certificatekeychainSecurity
Related Question
- MacOS – Getting “Certificate signed by untrusted issuer” on Mac
- Cannot find expired certificate in Keychain Access
- Why is the Turkish Government in the computer
- Re-added certificate leads to unknown authority
- MacOS – How to create /etc/certificates/*.{cert,chain,concat,key}.pem files without reboot
- Why are these corporate certificates pre-installed and is it safe to delete/“Never Trust” most/all of them
Best Answer
Apple may occasionally approve additions to new Root CAs e.g. Verisign, who can then sign certificates for individual sites you visit.
The root certificates for OS X El Capitan are here https://support.apple.com/en-us/HT205204
I assume these are done in software updates via the App Store, but I don't know for sure.
Also your company may add additional self signed certificates for internal reasons or installing development software.
But AFAIK keychain won't bloat over time as you visit new sites, so the list should be fairly static.