How to Get Rid of DigiNotar Digital Certificates from OS X
The age of computers has brought us a lot of great things. We get to find information on any subject at any time of day, keep up on the news anywhere in the world, build new networks of friends, and keep up with our old friends. Most of this stuff is rather boring for a hacker. Do they really care what you watch on Youtube?
There are somethings that they would like to know very much. These could be account numbers and passwords so to protect that information sites us SSL. Furthermore those sites are validated and given certificates to prove it. That is great as long as the certificates are real.
In case you have missed the news, DigiNotar was hacked last month. When this happened their servers started issuing fake digital certificates. This was made worse because even when security settings were changed, many OS X users were still finding these sites as trusted. Removing DigiNotar from the key chain did not seem to be enough. The users tried to fix the problem but many of them were missing a very important step. Without doing that one little thing it was like they had done nothing at all.
Luckily for OS X users, however, io101.org were nice enough to post a step by step guild on how to make sure the DigiNotar certificates are off your machine. By breaking the process into simple steps the users could be sure that it was done correctly. There is even a safe test you can run to make sure you have done it correctly.
The first thing you will have to do is to see if you need to do anything. To do this you can simple click here. This link is a HTTPS version of DigiNotar own site. If the certificates are still on your machine you will be allowed in. That is not good because you should be getting warning that this is site has an invalid certificate.
If that is not the case follow the steps below.
- First you need to find your keychain access.
- Next, search for DigiNotar
- Once you find it you have two choices. You can simply delete it or, if you prefer, you change the security setting. Change it to “never trust”.
- Now restart Safari.
- Use the above link and test again.
You have now solved any DigiNotar issues. It seems most likely that the reason so many users where having a problem is they forgot on simple step, they did not restart Safari. This step has to be done to be sure that the DigiNotar certificates are not trusted. Sometimes with computers it is the little things that will get you.
It is a good rule of computing to restart a program if you have altered any part of the program itself. Sure, there are some things that can be done without this step, but it is a good idea to do it if it is something important, like security settings.