Home
Posted By: pbGuy Keychain Certificates - 10/24/13 02:02 PM
While I don't venture too often into the Keychain utility, I've recently done so since installing Mavericks (which is running very smoothly on my system).

While in Keychain, I've noticed the Certificates with the little red x in the icon.

The x denotes the root Certificate is not to be trusted.

These Certificates all happen to be identified as com.Apple.xxx .

Can these Certificates be deleted safely or is it best to leave them as is?
Posted By: Virtual1 Re: Keychain Certificates - 10/25/13 01:50 PM
without looking I can guess a bit. Those may be expired certificates. (old ones) that for some reason the system didn't remove when installing new ones. untrusted certs are not used by the system, they're basically ignored. I had several old iterations of my email pub/private key in my keychain recently, and mail stops using them the day they expire.
Posted By: pbGuy Re: Keychain Certificates - 10/25/13 08:34 PM
Do you think it Ok, or preferable, to delete them? Or, just leave them in place?
Posted By: joemikeb Re: Keychain Certificates - 10/25/13 10:18 PM
The more certificates you have whether they are active or expired, the longer it takes to search for any one of them. On modern systems the time and CPU cycles used in the search are undetectable without sensitive tests so draw your own conclusions.
Posted By: Virtual1 Re: Keychain Certificates - 10/26/13 01:41 AM
Originally Posted By: pbGuy
Do you think it Ok, or preferable, to delete them? Or, just leave them in place?


expired certs are unusable. may as well delete them. but as said above, no rush
© FineTunedMac