Home > security > Are these root certificates suspicious?

Are these root certificates suspicious?

July 3Hits:3

On a fresh install of Leopard when I look at the root certificates this is what I see when I order them by expiration date.

Are these root certificates suspicious?

I find the names, dates, and number of certificates suspicious. Is this all normal?


Yes the installed certificates are valid, however I would advise updating to the latest version of Leopard and make sure that the compromised Diginotar certificates are uninstalled: This link at ps Enable provides an easy method for this.

On Root Certificates, they are by their nature long lived since they are the "Master" certificates and having them expire too often would cause issues with SSL certificate chain's world-wide.

This is normal. Don't worry about this.

Mac always send/get a messages from his own server, and this certificates needed for them. And you can see him working how: new updates, new services, ...

some discussion

Yes, they're listed in date order and all look to be valid root certification authorities.

It is extremely unlikely that anything could be compromised at install unless perhaps you used media downloaded from a third party. If it was real media and the disk was formatted you're almost certainly fine; the only attack vectors then being other infected macs on the local network or infected updates downloaded from fake update servers you're directed to by dodgy dns servers that have been intentionally configured on your dhcp server for that purpose (this scenario is so unlikely you'd stand a better chance of infecting your macbook with a virus by sneezing on it).

Related Articles

  • Are these root certificates suspicious?

    Are these root certificates suspicious?July 3

    On a fresh install of Leopard when I look at the root certificates this is what I see when I order them by expiration date. I find the names, dates, and number of certificates suspicious. Is this all normal? --------------Solutions------------- Yes t

  • Which trusted root certificates are included in Java?October 14

    Which trusted root certificates are included in Java, specifically Sun Java and IBM Java? How can I get the list myself? Does Java on Windows use certificates from operating system? --------------Solutions------------- Go to the "Java Control Panel&q

  • how are CA root certificates updated on windows 2003 servers and windows xp?October 31

    I'm trying to understand how XP versus Server handles updating CA root certificates? For example the godaddy/thawte/entrust etc. Is it always a manual process? Does it depend on your OS version? Is there a way to get automatic updates? Thanks in adva

  • Can a malicious hacker share Linux distributions which trust bad root certificates? April 28

    Suppose a hacker launches a new Linux distro with firefox provided with it. Now a browser contains the certificates of the root certification authorities of PKI. Because firefox is a free browser anyone can package it with fake root certificates. Thu

  • How can you import a root certificate to a machine level store in Windows 7May 12

    I have a service (Running as local system) that uses an SSL connection. Currently this connection fails because the remote host used a private CA to sign it's certificate. For previous operating systems, I used to use the certificate manager to impor

  • Impact Disabling "Update Root Certificates" Has On SQL ServerJuly 14

    I was told that Disabling the Update Root Certificates option from the Windows Components section of Add/Remove Programs will cause SQL Server to stop working properly. It this correct, or is my friend simply misinformed? --------------Solutions-----

  • Installing/deleting root certificate without CertMgr / CertUtil asking the end-user for confirmationSeptember 21

    When you install or delete a root CA certificate using the commandline tools CertUtil.exe or CertMgr.exe, Windows asks the user for confirmation using a MessageBox (for certificates other than root CA ones, this question is not asked), even for the r

  • Trusted Root Certificate gone missingOctober 15

    Recently I've been getting that little yellow ribbon on Internet Explorer warning me that there's something wrong with the certificate, and also accessing a certain https website shows me the "Certificate Error" page. I've been able to trace the

  • Why does my certificate provider ask me to disable its root certificate?January 21

    I received an SSL certificate from GoDaddy yesterday and their instructions to install the certificate seemed weird. To be precise, they asked me to disable their root certificate in server. NOTE: If the Go Daddy Class 2 Certification Authority root

  • Generate csr against root certificateJanuary 26

    I have a root certificate (root.cer) that's not signed by a CA, but is trusted on all computers on our internal network & I need to create a csr against it for my local apache webserver that serves a small intranet site. I'm not sure I'm phrasing it

  • Install new root certificate authority (CA) in windowsFebruary 14

    I am trying to use ninite to get my new laptop set up quickly. However when I try to install, windows complains about the CA. The website ninite.com also shows certificate problems. They use a root CA (COMODO Certification Authority) that is not incl

  • Root Certificate Not Applied to Imaged MachinesFebruary 23

    We have a certificate authority / server in our domain. If we install new machines and join them to the domain, they automatically receive the root certificate in their Trusted Root Certification Authorities store. However, our PC group often uses a

  • How feasible is it for a CA to be hacked? Which default trusted root certificates should I remove?

    How feasible is it for a CA to be hacked? Which default trusted root certificates should I remove?February 23

    This question has been revised & clarified significantly since the original version. If we look at each trusted certificate in my Trusted Root store, how much should I trust them? What factors should be taken into consideration when I evaluate the tr

  • How to delete a single (SSL root) certificate?February 24

    There is only a way to purge the whole certificate store (for SSL root certificates like those used for 802.1x). Is there an app, setting or (as a last resort) command line to remove a single certificate? (Android 2.2) --------------Solutions--------

  • Renewing Microsoft Certificate Services Root CertificateApril 3

    We currently have Microsoft Enterprise Certificate Server installed on a domain member machine which issues 1 year certificates to users for authenticating to VPN. We'd like to start issuing web server certificates from our CA to secure Dell Open Man

  • Certification authority root certificate expiry and renewal

    Certification authority root certificate expiry and renewalAugust 30

    In 2004, I set up a small certification authority using OpenSSL on Linux and the simple management scripts provided with OpenVPN. In accordance with the guides I found at the time, I set the validity period for the root CA certificate to 10 years. Si

  • Why are Safari and Chrome not throwing warnings after removing the root certificates

    Why are Safari and Chrome not throwing warnings after removing the root certificatesAugust 30

    Certificates issued by DigiNotar have been blacklisted today by Mozilla. Viewing websites with certificates issued by DigiNotar with a nightly build of Firefox will render warnings. Instead of waiting for an update, for the certificates to be revoked

  • DigiNotar Trusted Root Certificates in IE8

    DigiNotar Trusted Root Certificates in IE8September 5

    In light of the DigiNotar CA compromise I decided to check my Internet Explorer Trusted Root Certificates on all my Windows PC's, Windows 7 showed none from DigiNotar, but all of my XP PC's did. I then read this Microsoft bulletin, and under Suggeste

  • What happens to signed code when root certificates get compromised?September 7

    My Windows Server just requested a certificate update related to the compromise of a root certificate a while ago. I remember Firefox, Safari, Flash, the .Net pile of stuff and Internet Explorer all requested that update earlier. I know code is signe

  • Limiting the root certificate chain

    Limiting the root certificate chainOctober 1

    I'm playing around with the idea of running a mini-CA with my (hobby) website, likely only used internally with a few select developers for internal emails, client authentication, staging/development server certs etc. I'm reluctant to extend this sty

Copyright (C) 2017 ceus-now.com, All Rights Reserved. webmaster#ceus-now.com 14 q. 0.429 s.