Deleting DigiNotar’s Root Certificate on Mac OS X

Recently a number of fraudulent SSL certificates for high-profile websites, including Google, were obtained from the Dutch Certificate Authority DigiNotar.
These certificates could be used to impersonate or intercept legitimate services.
One method for dealing with this situation is to mark DigiNotar’s root certificate as untrusted.
Unfortunately, due to a bug in Mac OS X, DigiNotar-signed EV certificates will still appear to be valid.
To work around this, one can delete the certificate from the system trust roots with the following command:

	security delete-certificate -Z \
		C060ED44CBD881BD0EF86C0BA287DDCF8167478C \
		/System/Library/Keychains/SystemRootCertificates.keychain
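
To confirm the deletion took effect, the following added example (not part of the original post) scans the output of `security find-certificate -a -Z` for the same SHA-1 fingerprint. The function names are hypothetical, the two sample listings are constructed, and checking `/Library/Keychains/System.keychain` as a second location is an assumption.

```shell
#!/bin/sh
# SHA-1 fingerprint taken from the delete-certificate command above.
DIGINOTAR_SHA1="C060ED44CBD881BD0EF86C0BA287DDCF8167478C"

# Normalise a fingerprint: strip colons/spaces, upper-case the hex digits.
normalize_fp() {
	printf '%s' "$1" | tr -d ': \n' | tr 'abcdef' 'ABCDEF'
}

# Read `security find-certificate -a -Z` output on stdin; succeed only if
# one of its "SHA-1 hash:" lines equals the given fingerprint.
listing_has_fp() {
	want=$(normalize_fp "$1")
	[ -n "$want" ] || return 2
	sed -n 's/^SHA-1 hash: *//p' | tr -d ' \r' | tr 'abcdef' 'ABCDEF' |
		grep -qx "$want"
}

# Report every keychain (given as arguments) that still holds the root.
# Returns 0 when none do. Needs the macOS `security` tool.
check_keychains() {
	found=0
	for kc in "$@"; do
		if security find-certificate -a -Z "$kc" 2>/dev/null |
			listing_has_fp "$DIGINOTAR_SHA1"; then
			echo "still present: $kc"
			found=1
		fi
	done
	return "$found"
}

# Constructed sample listings (not real output): before and after deletion.
sample_before() {
	printf '%s\n' 'SHA-1 hash: 0000000000000000000000000000000000000001' \
		'keychain: "/example/constructed.keychain"' \
		'SHA-1 hash: C060ED44CBD881BD0EF86C0BA287DDCF8167478C' \
		'keychain: "/example/constructed.keychain"'
}
sample_after() {
	printf '%s\n' 'SHA-1 hash: 0000000000000000000000000000000000000001' \
		'keychain: "/example/constructed.keychain"'
}

# On macOS, pass the keychains to check as arguments, e.g. the path used
# above plus /Library/Keychains/System.keychain (assumed second location).
if command -v security >/dev/null 2>&1 && [ "$#" -gt 0 ]; then
	check_keychains "$@"
fi
```

The script exits non-zero if any listed keychain still contains the certificate, so it can be rerun after system updates that may restore the root store.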
