Vendredi 19 Août 2022
taille du texte
Jeudi, 01 Septembre 2011 16:02

Secure Your Mac Against Phony SSL Certificates

Rate this item
(0 Votes)

From Wired How-To Wiki

Stave off Gmail hack attempts by changing a simple setting. Photo by jeff_golden/flickr/CC

The Problem

Dutch SSL certificate authority (CA) Diginotar issued a fraudulent certificate for * in August 2011. This means that hackers can, and have been, impersonating Gmail with a "man in the middle" attack. The certificate is believed to have been issued by Iranian agents after they hack Diginotar. The exploit may have been used to spy on Iranian citizens' e-mail.

Why Should You Fix It?

SSL is the encryption used to secure your communications with banks, e-mail providers and anything else you don't want to be snooped. A rogue certificate will cause your computer to think it has contacted a trusted website, when in fact you're hooking up with a phony.

Here's a quick guide to making sure your computer knows who it's dealing with.

Mark the Certificate as Untrusted

On the Mac, certificates are stored in your keychain. To edit them, open up keychain access. You'll find it in your Utilities folder, inside the Applications folder:


Fire it up, and type "Diginotar" into the search box. You should get one result. We're going to revoke the entire Diginotar certificate authority.

Click on the certificate and click the "i" at the bottom of the window. You'll see this.

Click the "Trust" arrow and you'll reveal these options. You only have to change the first one from "System Defaults" to "Never Trust."

When you close this window, you'll be prompted for your admin password. Enter it, and you're done. You might want to check that your changes have worked. The window should now look like this:

You may have to click away and then back again to refresh the window.

Congratulations: You are now a little safer. Thanks to Coriolis for this how-to.

Original post by Charlie Sorrel,

This page was last modified 09:39, 1 September 2011 by howto_admin.


French (Fr)English (United Kingdom)

Parmi nos clients