CNNIC Root Certificate Missing

As many people know, CNNIC certificates put your computer at risks.

https://en.wikipedia.org/wiki/China_Internet_Network_Information_Center#Fraudulent_certificates


After I installed El Capitan DP2 from scratch on my Mac, it was found that CNNIC root certificate is missing in Keychain Access application, which made it impossible that manually untrust CNNIC certificates to prevent my computer from risks.


And when I browsing the websites which entrust SSL connection to them with a CNNIC certificate, the browser says that: due to system's default settings, the connection is entrusted.


But as there is no CNNIC root certificate appeared in Keychain Access, how it is possible to make the browser entrusted to CNNIC certificate by system default settings? Or Apple just hide the CNNIC root certificate for some reason?

Up vote post of WeZZard Down vote post of WeZZard
1.3k views
Posted by
WeZZard
Reply
Add a Comment

Replies

I think Apple is addressing this by whitelisting a subset of the certs issued by CNNIC. Or at least that's my understanding.


"An intermediate certificate was incorrectly issued by the certificate authority CNNIC. This issue was addressed through the addition of a mechanism to partially trust a CA by trusting only a set of certificates."


https://support.apple.com/en-gb/HT204938

Posted by
mmorris
Up vote reply of mmorris Down vote reply of mmorris
Add a Comment