So I see some expired certs under 'System Roots' (not 'System'), so I want to delete them via cmd.
sudo security delete-certificate -c A-Trust-nQual-01 /System/Library/Keychains/SystemRootCertificates.keychain
However bash reports
security: SecKeychainItemDelete: UNIX[Operation not permitted]
I entered the correct password for sudo for sure. How can I proceed?
OS: latest MAC OS X release, not beta.
Update:
I even tried with sudo su as root, still not work:
sh-3.2# security delete-certificate -c A-Trust-nQual-01 /System/Library/Keychains/SystemRootCertificates.keychain
security: SecKeychainItemDelete: UNIX[Operation not permitted]
sh-3.2# whoami
root
sh-3.2#
Best Answer
It's just System Integrity Protection (SIP) that prevents even
rootfrom modifying the contents of/System— you can toggle it by booting to the Recovery Partition (reboot holding Command-R) and then runningcsrutil disablecommand in the Terminal (more details). With SIP disabled, you can reboot and then your commands will be permitted.