Mac Tutorials - Herong's Tutorial Examples - v3.08, by Herong Yang
Delete/Untrust Certificates from macOS
This section provides a tutorial example on how to untrust (if delete is not possible) a certificate from macOS using Keychain Access.
As you can see from the previous tutorial, the list of trusted root CA certificates on macOS is quite long. It contains many root CA certificates that you are probably never going to use. If you want to, you can delete root CA certificates that are not needed from macOS.
Here is what I did on macOS to delete the "VeriSign Class 3 Public Primary Certification Authority - G5" certificate, which may be needed to validate some Website certificates. But I can delete it, because I have exported it to a file already.
1. Repeat steps listed in the previous tutorial until you see the Keychain Access window.
2. Click the "System Roots" keychain, then the "Certificates" category in the left pane, and select "VeriSign Class 3 Public Primary Certification Authority - G5".
3. Look for a way to delete the selected root certificate. The menu system offers none, and pressing the "Delete" key does nothing. So there is no way to delete a root certificate.
4. Double click "VeriSign Class 3 Public Primary Certification Authority - G5" to open the certificate.
5. Click "Trust" to open its trust settings.
6. Change "When using this certificate" to "Never Trust".
7. Close the certificate and enter the admin password to confirm the change.
Now this root CA certificate is not trusted any more.
By the way, you can delete a non-root certificate from Keychain Access from the context menu.
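To confirm the change from the command line, the added example below (not part of the original tutorial) parses the output of `security dump-trust-settings` and lists certificates that carry a Deny result. It assumes "Never Trust" is recorded as `kSecTrustSettingsResultDeny`; the sample dump and the two "Example" certificate names are constructed.

```shell
#!/bin/sh
# Added example: find certificates marked "Never Trust" by parsing the
# text printed by `security dump-trust-settings`.

# Constructed sample in the layout `security dump-trust-settings` prints
# (assumed layout; the two "Example" names are made up for illustration).
sample_dump() {
cat <<'EOF'
Number of trusted certificates = 3
Cert 0: VeriSign Class 3 Public Primary Certification Authority - G5
   Number of trust settings : 1
   Trust Setting 0:
      Result Type            : kSecTrustSettingsResultDeny
Cert 1: Example Internal Root CA
   Number of trust settings : 0
Cert 2: Example Test Root
   Number of trust settings : 1
   Trust Setting 0:
      Policy OID            : SSL
      Result Type            : kSecTrustSettingsResultTrustRoot
EOF
}

# Read a dump on stdin; print each certificate name that has at least one
# Deny setting (printed once, even if several policies are denied).
denied_certs() {
    awk '
        /^Cert [0-9]+: / { name = $0; sub(/^Cert [0-9]+: /, "", name); seen = 0; next }
        /kSecTrustSettingsResultDeny/ && name != "" && !seen { print name; seen = 1 }
    '
}

# Read a dump on stdin; succeed only if the certificate named in $1 is denied.
is_untrusted() {
    denied_certs | grep -Fxq -- "$1"
}

# On a Mac, check the live user-domain and admin-domain (-d) settings;
# elsewhere, fall back to the constructed sample.
if command -v security >/dev/null 2>&1; then
    { security dump-trust-settings 2>/dev/null || true
      security dump-trust-settings -d 2>/dev/null || true; } | denied_certs
else
    sample_dump | denied_certs
fi
```
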