How to remove a corrupted Trust Settings Record?

I was trying to add a trusted cert using security add-trusted-cert -d ..., but somehow the Trust Settings Record became corrupted. I can see this whenever I try to add another trusted cert, or when dumping trust settings:

$ sudo security dump-trust-settings -d
SecTrustSettingsCopyCertificates: The Trust Settings Record was corrupted.

I tried restoring the keychain from backup, and then deleting the login keychain completely, but I still get the error. This makes me think the trust settings are stored in another db or something. Any ideas on how I can delete all the trust settings?


Solution 1:

I finally found the Admin trust settings. It's in a file called Admin.plist in the /Library/Security/Trust Settings directory. Deleting this file cleared the error!

There are other files in that directory that are named <UUID>.plist, where UUID is the value of the GeneratedUID key in the user record. You can see this value with this command:

dscl . cat /Users/<short login name> GeneratedUID

These files store the per-user trust settings.
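The procedure described in this answer, written out as a small POSIX shell script. This is an added example, not code from the original question or answer: it backs up and removes the Admin record, maps a short login name to its GeneratedUID the way the answer describes, removes that user's plist, and then re-runs the dump command so you can confirm the "corrupted" message is gone. The helper names (`parse_generated_uid`, `user_trust_plist`, `reset_trust_file`, `reset_trust_settings`) and the timestamped `.bak.*` backup naming are this example's own choices; the `dscl` output format it parses (`GeneratedUID: <uuid>`) is the one `dscl . -read` prints on macOS, and the sample value in the comments is constructed.

```shell
#!/bin/sh
# Added example (not part of the original post): locate, back up and remove
# the macOS trust settings records under /Library/Security/Trust Settings.
# Run the top-level procedure with sudo on macOS; the helpers are plain POSIX sh.
TRUST_DIR="/Library/Security/Trust Settings"

# Extract the UUID from `dscl . -read /Users/<name> GeneratedUID` output,
# which is a single line of the form "GeneratedUID: <uuid>". Reads stdin.
parse_generated_uid() {
    sed -n 's/^GeneratedUID: *//p' | head -n 1
}

# Path of the per-user trust settings plist for a given GeneratedUID,
# e.g. (constructed) 12345678-ABCD-4321-9999-0123456789AB -> <TRUST_DIR>/<uuid>.plist
user_trust_plist() {
    printf '%s/%s.plist\n' "$TRUST_DIR" "$1"
}

# Back up a trust settings file to a timestamped copy, then remove it.
# Returns 1 if the file does not exist, 2 if the backup could not be written,
# so a missing record is not silently treated as success.
reset_trust_file() {
    f="$1"
    [ -f "$f" ] || return 1
    cp -p "$f" "$f.bak.$(date +%Y%m%d%H%M%S)" || return 2
    rm -f "$f"
}

# Full procedure (macOS only). Usage: reset_trust_settings [short-login-name]
# Without an argument only the system-wide Admin record is reset.
reset_trust_settings() {
    command -v dscl >/dev/null 2>&1 || { echo "dscl not found; run this on macOS" >&2; return 1; }

    # System-wide (admin) trust settings record.
    if reset_trust_file "$TRUST_DIR/Admin.plist"; then
        echo "removed $TRUST_DIR/Admin.plist (backup kept beside it)"
    else
        echo "no Admin.plist present, nothing to remove"
    fi

    # Per-user record: look up the GeneratedUID, then remove <uuid>.plist.
    if [ -n "$1" ]; then
        uid=$(dscl . -read "/Users/$1" GeneratedUID | parse_generated_uid)
        [ -n "$uid" ] || { echo "no GeneratedUID found for user $1" >&2; return 1; }
        if reset_trust_file "$(user_trust_plist "$uid")"; then
            echo "removed per-user trust settings for $1 ($uid)"
        else
            echo "no per-user trust settings file for $1 ($uid)"
        fi
    fi

    # Re-check: after the reset this should no longer report a corrupted record
    # (an empty or absent record is the expected, healthy result here).
    security dump-trust-settings -d
}
```

Because `reset_trust_file` keeps a timestamped copy next to the original, you can `plutil -p` the backup afterwards to see which certificates were trusted before the record broke, and re-add the ones you still want with `security add-trusted-cert` once the dump command runs cleanly.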