Originally Posted By: artie505
Thanks for the clarification.

> Take for example the com.apple.systemdefault certificate in System.keychain. That's created as a self-signed root certificate as part of system installation. Its purpose is to be the authoritative certificate for the concept of "this computer". The system uses it to sign/encrypt information that has no use or validity on any other computer in the world.

But why is a "self-signed" key "not trusted?" (If it's of any significance, this is on a 10 day old clean installation.)

Thanks


Maybe there's no point. What are you going to sign it with? So you make a cert to sign it with. But now THAT is untrusted. So what will you sign THAT with? Any certificate that's made locally can't be trusted automatically because either the private key that signed it is available, or it's not signed.


I work for the Department of Redundancy Department
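
The point made in the reply above, shown with the openssl command line as an added example (not part of the original thread, and not the macOS keychain tooling): a self-signed certificate verifies only when it is itself explicitly supplied as the trust anchor, and a second self-signed certificate with the same name does not inherit that trust. The file names and the CN are constructed for the demonstration.

```shell
#!/bin/sh
# Added example; paths and the subject name are constructed.

# Create a self-signed certificate: the certificate is signed by its own key.
make_self_signed() {   # $1 = output prefix
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-local-root" \
        -keyout "$1.key" -out "$1.crt" >/dev/null 2>&1
}

# Succeeds only if openssl reports the certificate as verified.
# $1 = certificate to check, $2 = optional certificate used as trust anchor
verifies() {
    if [ -n "$2" ]; then
        out=$(openssl verify -CAfile "$2" "$1" 2>&1)
    else
        out=$(openssl verify "$1" 2>&1)
    fi
    printf '%s\n' "$out" | grep -qF "$1: OK"
}

report() {   # $1 = label, remaining arguments = check to run
    label=$1; shift
    if "$@"; then echo "$label: trusted"; else echo "$label: NOT trusted"; fi
}

demo() {
    dir=$(mktemp -d) || return 1
    make_self_signed "$dir/a"
    make_self_signed "$dir/b"   # same name, different key: anyone can make one
    # The self-signature alone proves nothing, so this is rejected.
    report "a, no anchor" verifies "$dir/a.crt"
    # Trust is a local decision: pin this exact certificate as the anchor.
    report "a, anchored on a" verifies "$dir/a.crt" "$dir/a.crt"
    # A look-alike with the same name is not covered by that decision.
    report "b, anchored on a" verifies "$dir/b.crt" "$dir/a.crt"
    rm -rf "$dir"
}

demo
```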