As many people know, CNNIC certificates put your computer at risks.
https://en.wikipedia.org/wiki/China_Internet_Network_Information_Center#Fraudulent_certificates
After I installed El Capitan DP2 from scratch on my Mac, it was found that CNNIC root certificate is missing in Keychain Access application, which made it impossible that manually untrust CNNIC certificates to prevent my computer from risks.
And when I browsing the websites which entrust SSL connection to them with a CNNIC certificate, the browser says that: due to system's default settings, the connection is entrusted.
But as there is no CNNIC root certificate appeared in Keychain Access, how it is possible to make the browser entrusted to CNNIC certificate by system default settings? Or Apple just hide the CNNIC root certificate for some reason?