The macOS High Sierra Trust Store contains three categories of certificates:
Trusted root certificates are used to establish a chain of trust that's used to verify other certificates signed by the trusted roots, for example to establish a secure connection to a web server. When IT administrators create Configuration Profiles for macOS, they don't need to include these trusted root certificates.
Always Ask certificates are untrusted but not blocked. When one of these certificates is used, you'll be prompted to choose whether or not to trust it.
Blocked certificates are believed to be compromised and will never be trusted.
This article lists the certificate trust policies for macOS High Sierra, and is updated when changes are made to the certificate list. Follow these steps to find the version of the Trust Store installed on your Mac:
In the Finder, choose Go > Go to Folder.
Type or paste /System/Library/Security/Certificates.bundle/Contents/Resources/TrustStore.html and click Go.
In the folder that appears, open TrustStore.html. The Trust Store version is in the upper-right corner of the page.
This article lists the certificates for macOS High Sierra Trust Store version 2018040200, which is current for macOS High Sierra 10.13 and later.
|