Pictorial Guide to disabling DigiNotar CA in Mac OS X


The company that runs the DigiNotar CA was breached sometime in the last 3 months.

The company that runs the DigiNotar CA has not yet admitted to the breach, even when presented with clear evidence of it.

Google has acted to block all DigiNotar certificates that are known to impersonate other people’s domains. In other words, the DigiNotar CA issues valid certificates for other people’s domains, including Google’s.

You can’t trust any certificate signed by DigiNotar, and there may have been thousands of illegal certificates issued for common domains. To keep yourself safe, you must therefore stop your operating system from trusting anything signed by DigiNotar.

  1. Open Keychain
  2. Search for DigiNotar
  3. Select the root certificate for DigiNotar
  4. Right click and select Get Info
  5. Mark the certificate as untrusted.
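
The same procedure from the command line, as an added example that is not part of the original guide. It uses the macOS `security` tool; the function names are hypothetical and the keychain paths are the usual macOS locations (an assumption).

```shell
#!/bin/sh
# Added example (not from the original guide). Function names are hypothetical.
# Keychain paths are the usual macOS locations (assumption).
ROOTS=/System/Library/Keychains/SystemRootCertificates.keychain
SYSTEM=/Library/Keychains/System.keychain

# Read concatenated PEM certificates on stdin, write each one to its own
# file in directory $1, and print how many were written.
split_pem() {
  awk -v dir="$1" '
    /-----BEGIN CERTIFICATE-----/ { n++; file = sprintf("%s/cert-%02d.pem", dir, n) }
    file != ""                    { print > file }
    /-----END CERTIFICATE-----/   { close(file); file = "" }
    END                           { print n + 0 }
  '
}

# Export every certificate whose name matches $1 from keychain $2 into $3.
export_matching() {
  security find-certificate -a -c "$1" -p "$2" | split_pem "$3"
}

# Record a "deny" trust setting for certificate file $1 in the admin
# trust domain (-d), which requires root.
deny_cert() {
  security add-trusted-cert -d -r deny -k "$SYSTEM" "$1" >&2
}

# Steps 2 to 5 of the guide: find the matching roots, then mark each untrusted.
# Prints the number of certificates found.
distrust_ca() {
  name=$1
  keychain=${2:-$ROOTS}
  tmp=$(mktemp -d) || return 1
  count=$(export_matching "$name" "$keychain" "$tmp")
  for pem in "$tmp"/cert-*.pem; do
    if [ -f "$pem" ]; then
      deny_cert "$pem" || echo "could not distrust $pem" >&2
    fi
  done
  rm -rf "$tmp"
  echo "$count"
}

# Run only when asked to: sudo sh distrust.sh --apply
if [ "${1:-}" = "--apply" ]; then
  distrust_ca DigiNotar
fi
```

Afterwards, `security dump-trust-settings -d` lists the admin trust settings, so the deny entry can be confirmed.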