Portachiavi di backup prima di provare qualsiasi cosa.
Elenco dei certificati radice:
sudo security dump-keychain /System/Library/Keychains/SystemRootCertificates.keychain
Cerca in un dump i nomi o i valori hash SHA-1 dei certificati che vuoi eliminare e scrivili.
Ora puoi cancellare i certificati di root usando il comando security delete-certificate
.
Usage: delete-certificate [-c name] [-Z hash] [-t] [keychain...]
-c Specify certificate to delete by its common name
-Z Specify certificate to delete by its SHA-1 hash value
-t Also delete user trust settings for this certificate The certificate to be deleted must be uniquely specified either by a
string found in its common name, or by its SHA-1 hash. If no keychains
are specified to search, the default search list is used.
Ad esempio, puoi eliminare i certificati radice cinesi usando questo comando:
sudo security delete-certificate -Z 8BAF4C9B1DF02A92F7DA128EB91BACF498604B6F /System/Library/Keychains/SystemRootCertificates.keychain