delete-unknown-root-ca

delete-unknown-root-ca copied to clipboard

Delete Known Government-Linked Certificate Authorities in OSX

Inspired by http://zitseng.com/archives/7489

Deletes Known Government Controlled Root Certs from OSX 10.10

Also removes any user trust settings for each certificate

WARNINGS

• Do not run unless you understand what this is doing
• The CA system is broken by design - This is not a fix for that
• This is merely a band-aid for those interested or concerned about these root CAs

Usage

chmod +x delete_gov_roots.sh
./delete_gov_roots.sh

You'll be prompted for your password as root access is required to delete system-wide root certs.

Contributing

Either submit a pull request or provide me with the SHA1 of the root-ca you've found:

See Also

• https://github.com/chengr28/RevokeChinaCerts
• http://convergence.io
• https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/
• https://github.com/kirei/catt
• https://www.eff.org/observatory
• https://bugzilla.mozilla.org/show_bug.cgi?id=478418
• http://support.apple.com/en-us/HT202858
• https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning
• http://googleonlinesecurity.blogspot.com.au/2015/03/maintaining-digital-certificate-security.html
• http://www.theregister.co.uk/2016/09/27/mozilla_wants_woeful_wosign_certs_off_the_list/