smcleod.net

chicken scratchings with Sam McLeod

Delete Government-Linked Certificate Authorities in OSX

Inspired by http://zitseng.com/archives/7489

WARNINGS

  • Do not run unless you understand what this is doing
  • The CA system is broken by design - This is not a fix for that
  • This is merely a band-aid for those interested or concerned about these root CAs

Usage

chmod +x delete_gov_roots.sh
./delete_gov_roots.sh

You’ll be prompted for your password as root access is required to delete system-wide root certs.

sha1

See Also

  • http://convergence.io
  • https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/
  • https://github.com/kirei/catt
  • https://www.eff.org/observatory
  • https://bugzilla.mozilla.org/show_bug.cgi?id=478418
  • http://support.apple.com/en-us/HT202858
  • https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning