Listing of Trusted Root CA in macOS

This section provides a tutorial example on how to see the list of trusted root CA (PKI Certificate Authorities) pre-installed on macOS.

As we learned earlier, the trust of an entire HTTPS Website is based on certificates of trusted root CA (PKI Certificate Authorities).

Before using the Apple browser Apple Safari on my computer to visit any HTTPS Websites, I want to see who are those trusted PKI Certificate Authorities my macOS computer.

1. Click "Launchpad > Other > Keychain Access". The Keychain Access screen shows up.

2. Click "System Roots" keychain, then "Certificates" category on the left pane. A list of all trusted root CA certificates are displayed.

Expiration   Root CA

2029-01-01   AAA Certificate Services
2030-09-22   Actalis Authentication Root CA
2021-11-10   Admin-Root-CA
2030-12-31   AffirmTrust Commercial
2030-12-31   AffirmTrust Networking
2033-06-06   ANF Global Root CA
2035-02-10   Apple Root CA
2033-03-12   ApplicationCA2 Root
2031-01-01   Atos TrustedRoot 2011
2030-12-31   Autoridad de Certificacion Firmaprofesional CIF A62634068
2025-05-13   Baltimore CyberTrust Root
...

Table of Contents

 About This Book

 Introduction of PKI (Public Key Infrastructure)

 Introduction of HTTPS (Hypertext Transfer Protocol Secure)

 Using HTTPS with Google Chrome

 Using HTTPS with Mozilla Firefox

 HTTPS with Microsoft Edge

 Using HTTPS with Apple Safari

 HTTPS with IE (Internet Explorer)

 Android and Server Certificate

 iPhone and Server Certificate

 Windows Certificate Stores and Console

 RDP (Remote Desktop Protocol) and Server Certificate

macOS Certificate Stores and Keychain Access

 What Is Keychain Access on macOS

Listing of Trusted Root CA in macOS

 Exporting Root Certificate to File from macOS

 Delete/Untrust Certificates from macOS

 Unlock Keychain to Access Certificate on macOS

 Import Server Certificates to macOS

 Create My Own Root CA on macOS

 Review My Root CA Certificate on macOS

 Review Private Key of My CA Certificate on macOS

 Generate CSR (Certificate Signing Request) on macOS

 Issue New Certificate with My CA on macOS

 Verify Certificate Signed by My CA on macOS

 Perl Scripts Communicating with HTTPS Servers

 PHP Scripts Communicating with HTTPS Servers

 Java Programs Communicating with HTTPS Servers

 .NET Programs Communicating with HTTPS Servers

 CAcert.org - Root CA Offering Free Certificates

 PKI CA Administration - Issuing Certificates

 Comodo Free Personal Certificate

 Digital Signature - Microsoft Word

 Digital Signature - OpenOffice.org 3

 S/MIME and Email Security

 PKI (Public Key Infrastructure) Terminology

 Outdated Tutorials

 References

 Full Version in PDF/EPUB