Can't set own self-signed root certificate to "Always Trust" on macOS Sierra
I have a root CA certificate I created for my personal software development needs. I want to add it to the keychain as a trusted certificate.
I am running macOS Sierra 10.12 which I just installed this morning.
I unlock the System keychain.
I added the certificate to the "System" keychain. It is showing up with a red X and the warning reads that "This certificate was signed by an unknown authority." This is expected.
I right click on it and select the "Get Info" item. A screen appears with trust details. Form the "When using this certificate" dropdown, I choose "Always Trust" and close the window. Nothing happens. The certificate remains untrusted. If I click on "get Info", the setting is still "Use System Defaults".
I was running MacOS X 10.9.5 previously. I had this exact certificate marked as trusted in the "login" keychain.
The same issue happens if I do the above steps in the "login" keychain.
If I select "Never Trust", I get asked for my password and to save settings. However, this is the opposite of my intention. I want to "Always Trust" this certificate. It's as if macOS is shifting its eyes and whistling, making believe it did not see me select this menu item.
What do I need to do to mark my own self-signed root certificate as "Always Trust"ed?
Solution 1:
I had this problem on Sierra with a very old root cert signed with MD5. Creating a new root CA certificate signed with SHA256 solved the issue.