How to replace missing root and intermediate certificates in Mac OS X v10.8

Let me preface this with the fact that I know nothing about networking / security / etc. Twice now, I've had issues with root certificates not working and throwing errors, even though they are still valid.

Here's the link to my last post that was was fixed after an update to the OS (at this point, I cannot update any further, as my system is frozen based on older software that requires it).

Safari can't verify the identity of the website errors

Now, the same issue happened again and I can't figure out what to do. I've been worried that this is a MiTM attack, but didn't know what to do to fix it at this point. I deleted the key in question that had a red x next to it in Keychain and tried to reinstall the keys through Pacifist, but its still not working (also, I dont see the Key now after using the Pacifist method, so I'm not sure how to get it back, but the websites are still throwing errors.

enter image description here

If anyone has any suggestions to fix the issue (as I would like to safely get into some websites that requires this), or a solution to the overall problem, I would be EXTREMELY happy (I will be offering reputation points as soon as the option is open or will send directly, if its possible to do, if someone helps me to fix this sooner than that).

I'm on OS 10.8.5 currently.

EDIT:
I installed it and it now says, under "InCommon RSA Standard Assurance Client CA" - This certificate was signed by an unknown authority." I also have 3 to 4 other login certificates that are showing errors, each one of them has some sort of message about the "InCommon RSA Standard Assurance Client CA." Strangely, theres another certificate that is showing no errors that is signed by the InCommon RSA Standard Assurance CLient CA, but with a different expiration date. I'm lost. I can post photos of all the errors if necessary.

UPDATE: Upgraded from 10.8.5 to 10.10.5. Certificate issues still persist.


Solution 1:

One should never delete a Root Certificate.

And you should never delete a Root Certificate that has been Marked as Invalid before its expiration Date has been reached.

There was a reason why it was marked as invalid.

Mostly because the Issuer of the Certificate mark it as invalid (this could have been done because he got hacked or whatever could have compromised his Root Certificate).

Now you/your Browser don't have the Root Certificate so you/your Browser aren't able to validate any Certificate which is trusted by this Root.

So it depends on the Browser and how it handles Certificates of a Root it doesn't know.

If the Browser acts correct he will show you each Certificate based on this Root as invalid but some Browsers (at least in Past) didn't handle this correct and would have shown Certificates without a Root they know as valid.

Solution 2:

My first best option would be to back up your files, wipe the machine entirely and reinstall the operating system from known good media. Especially since you say this issue has been going on for a while and you are unable to recall all the changes you've made. This is the fastest, safest option.

If that isn't an option, then you need to download and replace all the root certificates that were deleted. Find a machine that you trust and use it to download the root or intermediate certificates from trustworthy sites. Each time you get a message saying "...signed by an untrusted issuer" you need to locate the certificate that was used to sign it, download it and install it. That is the only way to get rid of these errors. Sorry but there is no quick fix that is going to undo this damage.

Lastly, I would seriously, strongly recommend updating to the most recent version of macOS that will install on your Mac. You seem to be concerned about security. Running an operating system that Apple stopped patching (i.e. abandoned) in August 2015 isn't a good idea. If you are stuck using 10.8.5 because pieces of software haven't been updated it is time to drop them or even post question(s) here looking for help either getting them working on newer versions of macOS or finding replacements.

Solution 3:

Download and install the AddTrust External CA Root which is linked from Comodo.

Solution 4:

I understand you want to fix your Apple certificates and I´m sorry you are having problems. First off you need to understand what certificates were intended for originally and what they have become in the new modern economy of corporate driven 3d proxy internet. A certificate is a text file that usually has 1024 2048 etc. Characters. In other words, root and user certificates are just two separate text files that maintain a mathematical relationship.

Go ahead and compare the certificate installation process for Google Android Studio and Xcode iTunes Submit. With Xcode you need a whole inter-department banana farm of certificate garbage at Apple to get up-and-running. Google is a download and click.

Now I hate to tell you this but you need to break the certificate engine inside OSX with a linux patch because the only way the root certificate at apple will build pyramid math to approve your certificate is if your mac is under warranty.

Also keep in mind if you are within the United Kingdom it is illegal to participate in a planned obsolescence plan such as Apples illegal misuse of data certs as blacklisting technology.

Good luck!