Mac Tutorials - Herong's Tutorial Examples - v3.08, by Herong Yang
Review My Root CA Certificate on macOS
This section provides a tutorial example on how to review my self-signed root CA and make it trusted on macOS using Keychain Access.
From the previous tutorial, I have created a Root CA certificate for myself. Now, let me review it.
1. Open "System" keychain and "Certificates" category in Keychain Access. "Herong Yang's CA" is listed there and marked as untrusted.
2. Double click "Herong Yang's CA" to open it.
3. Click "Trust" to open the section. Select "Always Trust" in "When using this certificate". And close the certificate with your password to save the change.
4. Double click "Herong Yang's CA" to open it again.
5. Click "Details" to review settings in the certificate.
Subject: Herong Yang's CA Issuer: Herong Yang's CA Signature: ECDSA Signature with SHA-256 ( 1.2.840.10045.4.3.2 ) Algorithm: Elliptic Curve Public Key ( 1.2.840.10045.2.1 ) Parameters: Elliptic Curve secp521r1 ( 1.3.132.0.35 ) Public Key: 04 01 BD 5B 01 22 38 1B EE C9 2F 79 99 C6 60 46 ... Usage: Digital Signature, Key Cert Sign ...
Everything looks good! I have a self-signed root CA certificate contains a public key based on the "secp521r1" elliptic curve.
Table of Contents
Macintosh OS (Operating System) History
System and Application Processes
Keychain Access - Password Manager
►Keychain Access - Certificate Manager
Using Keychain Access as Certificate Manager
Listing of Trusted Root CA in macOS
Exporting Root Certificate to File from macOS
Delete/Untrust Certificates from macOS
Import Server Certificates to macOS
Create My Own Root CA on macOS
►Review My Root CA Certificate on macOS
Review Private Key of My CA Certificate on macOS
Generate CSR (Certificate Signing Request) on macOS
Issue New Certificate with My CA on macOS
Verify Certificate Signed by My CA on macOS
Manage Keychains with Commands
Keychain File Locations on macOS
CA Certificates at "/etc/ssl | /private/etc/ssl"