The watchOS Trust Store contains three categories of certificates:
Trusted root certificates are used to establish a chain of trust that's used to verify other certificates signed by the trusted roots, for example to establish a secure connection to a web server. When IT administrators create Configuration Profiles for watchOS, they don't need to include these trusted root certificates.
Always Ask certificates are untrusted but not blocked. When one of these certificates is used, you'll be prompted to choose whether or not to trust it.
Blocked certificates are believed to be compromised and will never be trusted.
This article lists the certificate trust policies for watchOS, and is updated when changes are made to the certificate list. It lists the certificates for watchOS Trust Store version 2016102100, which is current for watchOS 3 and later.
|