Level 1 (0 points)
-
Re: DoD Root CA 2 Not Trusted
Apple Staff (13,325 points)
What do you mean by “my keychain”. When I open Keychain Utility in a vanilla macOS 10.12, I see the DoD Root CA 2 listed in the System Roots keychain, and flagged as trusted there.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardwarelet myEmail = "eskimo" + "1" + "@apple.com"-
Re: DoD Root CA 2 Not Trusted
Level 1 (0 points)
On my MacBook Pro and on my iMac (Both running MacOS - but have been upgraded from previous OSX versions), when I open the Keychain Utility
The "DoD Root CA 2" has a red X and says "This root certificate is not trusted".
I am trying to figure out:
- Why it says that it is not trusted?
- What do I need to do to get the "trusted" version back?
Thank you
-
Re: DoD Root CA 2 Not Trusted
Apple Staff (13,325 points)
when I open the Keychain Utility
The "DoD Root CA 2" has a red X and says "This root certificate is not trusted".
What shows up in the Keychain column for that item?
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardwarelet myEmail = "eskimo" + "1" + "@apple.com"-
Re: DoD Root CA 2 Not Trusted
Level 1 (0 points)
So, I now have 3 of the DOD Root CA-2 certificates in my keychain. Here is what they look like...
http://perlguy.net/DoDRootCA2_03-09-2019.png
http://perlguy.net/DoDRootCA2_09-06-2019.png
http://perlguy.net/DoDRootCA2_12-05-2029.png
The latest one I downloaded & installed from a DoD site. So, they are either not signed by a known authority, or they are untrusted.
I really appreciate your help and hope that I can get this issue completely resolved.
Thank you,
Brent
-
Re: DoD Root CA 2 Not Trusted
Apple Staff (13,325 points)
So, I now have 3 of the DOD Root CA-2 certificates in my keychain.
Alas, you didn’t answer my earlier question: what shows up in the Keychain column for these items?
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardwarelet myEmail = "eskimo" + "1" + "@apple.com"-
-
Re: DoD Root CA 2 Not Trusted
Apple Staff (13,325 points)
Yeah, something weird is going on here. On a freshly installed macOS 10.12 machine here in my office the DoD Root CA 2 root certificate is in the System Roots keychain, where is where you’d expect to find built-in root certificates, and it’s marked as trusted. However, my day-to-day work machine is showing exactly the same state as you’re seeing: DoD Root CA 2 is in the login keychain and is thus untrusted. I suspect that there’s something broken in how the system roots are handled during an OS upgrade.
You should file a bug about this; please post your bug number, just for the record.
You should be able to work around this by dragging the DoD Root CA 2 to your System (not System Roots) keychain and then marking it as trusted, just like you’d trust any other root certificate.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardwarelet myEmail = "eskimo" + "1" + "@apple.com" -
-
-
-
Re: DoD Root CA 2 Not Trusted
Level 1 (0 points)
Hello,
Did you ever get this resolved? It's 2017 and I have this issue. I have one DoD cert that's not trusted and two unverified; what do I do to resolve this? I have a related question and in could this be the reason I can't send an encrypted e-mail to a DoD authority (lock in grayed out in mail)? It seems like the certificate isn't assocaited to the address (contact).
-
-
-
