Stolen SSL Certificates
Waragainstsleep
Posting Junkie
Join Date: Mar 2004
Location: UK
Sep 5, 2011, 04:39 AM
 
I guess this thread is a public service announcement. Apologies if I missed it somewhere else but it doesn't seem to have gotten all that much publicity.

Hackers recently stole up to 200 SSL certs from diginotar.nl that could allow them to spoof sites which your computers will recognise as legit since they have the genuine certs. Supposedly they are only using them to spy on people's Gmail in Iran but that doesn't mean they will stop there or that they won't sell them on.

Anyway, here are the instructions to make your Macs safe since Apple probably won't issue a fix with any kind of urgency:

Protecting Your Mac From the DigiNotar.nl Certificate Compromise — ps Enable
I have plenty of more important things to do, if only I could bring myself to do them....
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Sep 5, 2011, 06:39 AM
 
Good initiative. I think I'll sticky this for a while, and we can remove it when the update is released.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
Thorzdad
Moderator
Join Date: Aug 2001
Location: Nobletucky
Sep 5, 2011, 07:55 AM
 
I've been following this since I first read about it at Ars Technica. This is the first time, though, that I've seen any mention of downloading and installing intermediate certificates for DigiNotar. The fixes on all browsers have simply been to just delete the DigiNotar certs.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Sep 5, 2011, 09:51 AM
 
Perhaps a quick step-by-step lesson on removing certificates would be helpful; I can't figure that out, though I've managed to "un-trust" the one instance of a DigiNotar certificate I have on my system.

Glenn -----OTR/L, MOT, Tx
     
Thorzdad
Moderator
Join Date: Aug 2001
Location: Nobletucky
Sep 5, 2011, 10:06 AM
 
Glenn, to remove the DigiNotar cert using Keychain Access, simply highlight the DigiNotar cert and hit "Delete" on your keyboard.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Sep 5, 2011, 11:59 AM
 
That didn't work when I tried it. It didn't ask me to authenticate, it just made that lovely "clunk" sound that says "your action was not successful/appropriate/etc."

Should I log in as Admin, or is there something else to try?

And what about certificates on iOS devices? This is now scary...

Glenn -----OTR/L, MOT, Tx
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Sep 5, 2011, 12:14 PM
 
I was able to kill it in the System keychain, but not in the System Roots chain, where I spent quite a while trying different ways of deleting contents...

Glenn -----OTR/L, MOT, Tx
     
Thorzdad
Moderator
Join Date: Aug 2001
Location: Nobletucky
Sep 5, 2011, 12:43 PM
 
Weird.
When I killed it in Keychain Access, I just did a search for "diginotar", highlighted it, hit delete, entered my admin credentials, and *poof* it was gone.
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Sep 5, 2011, 01:36 PM
 
This was actually not straightforward, so here is how I did it.

1) Open Keychain Access
2) In the search box, type "diginotar"
3) This should show two certificates. Select each in turn, press delete and the certificate should disappear after you enter the admin password.

Finding it in the long list in System Root doesn't let you delete it, for some reason, but if you delete it this way, it will go away.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Sep 5, 2011, 02:14 PM
 
Very weird. I followed P's instructions and killed it dead. I only had one such cert though. Nothing else came up in the search.

Glenn -----OTR/L, MOT, Tx
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Sep 10, 2011, 08:47 AM
 
The latest Mac OS X security update (2011-005) for Lion and Snow Leopard resolves this issue. The instructions are still valid for previous OSes, but for all others, I recommend that you run software update instead.
     
tightsocks
Mac Enthusiast
Join Date: Feb 2005
Sep 11, 2011, 04:45 PM
 
I had a similar problem when I tried deleting the cert.
Apparently, you must search for the cert and delete it from the search results. Manually locating it and using delete won't work.
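
A command-line counterpart to the Keychain Access search described in this thread, as an added example that is not part of any post: it parses `security find-certificate -a -Z` output and lists certificates whose label contains a string, so you can confirm nothing matching "diginotar" is left. The keychain paths are the standard macOS locations for the System and System Roots keychains; the sample records are constructed and abridged, with placeholder hashes.

```shell
#!/bin/sh
# Added example: report certificates whose label contains a given string.
# Keychains the thread calls "System" and "System Roots".
KEYCHAINS="/Library/Keychains/System.keychain
/System/Library/Keychains/SystemRootCertificates.keychain"

# parse_matches PATTERN: read find-certificate output on stdin and print
# "sha1<TAB>label<TAB>keychain" for every record whose label contains
# PATTERN (case-insensitive, like the Keychain Access search box).
parse_matches() {
    awk -v pat="$1" '
        function emit() {
            if (hash != "" && index(tolower(label), tolower(pat)))
                printf "%s\t%s\t%s\n", hash, label, kc
            hash = ""; label = ""; kc = ""
        }
        /^SHA-1 hash: / { emit(); hash = $3 }
        /^keychain: /   { kc = $0; gsub(/^keychain: "|"$/, "", kc) }
        /"labl"<blob>=/ { label = $0; sub(/^.*"labl"<blob>=/, "", label); gsub(/^"|"$/, "", label) }
        END { emit() }
    '
}

# Constructed, abridged sample of the tool output (placeholder hashes).
constructed_sample() {
    cat <<'EOF'
SHA-1 hash: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
keychain: "/System/Library/Keychains/SystemRootCertificates.keychain"
attributes:
    "labl"<blob>="DigiNotar Root CA"
SHA-1 hash: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
keychain: "/System/Library/Keychains/SystemRootCertificates.keychain"
attributes:
    "labl"<blob>="Example Root CA"
EOF
}

# audit_keychains PATTERN: check each keychain above; status 1 if any match.
audit_keychains() {
    found=$(printf '%s\n' "$KEYCHAINS" | while IFS= read -r kc; do
        [ -f "$kc" ] || continue
        security find-certificate -a -Z "$kc" 2>/dev/null | parse_matches "$1"
    done)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"; return 1
}

if command -v security >/dev/null 2>&1; then
    audit_keychains "diginotar" || echo "matching certificate(s) still installed" >&2
fi
```

On a machine without the `security` tool, `constructed_sample | parse_matches diginotar` shows the parsing on the sample records.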
     
   
 