Delete/Untrust Certificates from macOS

This section provides a tutorial example on how to untrust (if delete is not possible) a certificate from macOS using Keychain Access.

As you can see from the previous tutorial, the list of trusted root CA certificates on macOS is quite long. It contains many root CA certificates you are probably never going to use them. If you want to, you can delete root CA certificates that are not needed from macOS.

Here is what I did on macOS to delete the "VeriSign Class 3 Public Primary Certification Authority - G5" certificate, which may be needed to validate some Website certificates. But I can delete it, because I have exported it to a file already.

1. Repeat steps listed in the previous tutorial until you see the Keychain Access window.

2. Click "System Roots" keychain, then "Certificates" category on the left pane. And select "VeriSign Class 3 Public Primary Certification Authority - G5".

3. Search for ways to delete the selected root certificate. No way from the menu system. Press "Delete" key does nothing. So there is no way to delete a root certificate.

4. Double click "VeriSign Class 3 Public Primary Certification Authority - G5" to open the certificate.

5. Click "Trust" to open its trust settings.

6. Change "When using this certificate" to "Never Trust".

7. Close the certificate and enter the admin password to confirm the change.

Now this root CA certificate not trusted any more.

Detrust Root Certificate on macOS Computer
Detrust Root Certificate on macOS Computer

By the way, you can delete a non-root certificate from Keychain Access from the context menu.

Table of Contents

 About This Book

 Introduction of PKI (Public Key Infrastructure)

 Introduction of HTTPS (Hypertext Transfer Protocol Secure)

 Using HTTPS with Google Chrome

 Using HTTPS with Mozilla Firefox

 HTTPS with Microsoft Edge

 Using HTTPS with Apple Safari

 HTTPS with IE (Internet Explorer)

 Android and Server Certificate

 iPhone and Server Certificate

 Windows Certificate Stores and Console

 RDP (Remote Desktop Protocol) and Server Certificate

macOS Certificate Stores and Keychain Access

 What Is Keychain Access on macOS

 Listing of Trusted Root CA in macOS

 Exporting Root Certificate to File from macOS

Delete/Untrust Certificates from macOS

 Unlock Keychain to Access Certificate on macOS

 Import Server Certificates to macOS

 Create My Own Root CA on macOS

 Review My Root CA Certificate on macOS

 Review Private Key of My CA Certificate on macOS

 Generate CSR (Certificate Signing Request) on macOS

 Issue New Certificate with My CA on macOS

 Verify Certificate Signed by My CA on macOS

 Perl Scripts Communicating with HTTPS Servers

 PHP Scripts Communicating with HTTPS Servers

 Java Programs Communicating with HTTPS Servers

 .NET Programs Communicating with HTTPS Servers

 CAcert.org - Root CA Offering Free Certificates

 PKI CA Administration - Issuing Certificates

 Comodo Free Personal Certificate

 Digital Signature - Microsoft Word

 Digital Signature - OpenOffice.org 3

 S/MIME and Email Security

 PKI (Public Key Infrastructure) Terminology

 Outdated Tutorials

 References

 Full Version in PDF/EPUB