You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Updating Certificates/CAs

This article (https://support.apple.com/en-us/HT204446#:~:text=To%20update%20a%20certificate%2C%20in,certificate%20profile%2C%20then%20click%20Update.) claims "To update a certificate, in the Profiles pane of System Preferences, click the certificate profile, then click"


But there is no "certificate profile" in System Preferences on Catalina. wtfo??

MacBook Pro 16″, macOS 10.15

Posted on Jun 4, 2020 3:54 PM

Reply
Question marked as Top-ranking reply

Posted on Jun 5, 2020 6:35 PM

Apple updates root CA certificates when it releases updates.

The article you read about profile-based certificate updates are for companies to distribute certificates for the company using their Mobile Device Management system. It is not for normal users to update certificates.


Did you try to download it in Safari or another browser?

Once downloaded, copy it to /usr/local/bin


The version of curl installed on Catalina may not have access to the current root CAs

Similar questions

7 replies
Question marked as Top-ranking reply

Jun 5, 2020 6:35 PM in response to glimpse

Apple updates root CA certificates when it releases updates.

The article you read about profile-based certificate updates are for companies to distribute certificates for the company using their Mobile Device Management system. It is not for normal users to update certificates.


Did you try to download it in Safari or another browser?

Once downloaded, copy it to /usr/local/bin


The version of curl installed on Catalina may not have access to the current root CAs

Jun 5, 2020 6:14 PM in response to Barney-15E

I'm not a company. I'm a person. I asked this question because of an issue that has come up trying to use `curl` to download a utility from a `https` website iaw these instructions. Attempting a download of this on my Macbook Pro (Catalina) gives an error:


curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html


The "more details" webpage did not provide a clear resolution, except that it seemed the issue was with the administrators of the website: https://yt-dl.org


When I asked the youtube-dl maintainers at github about it, they insisted that their certificate was current and valid, and provided this link as providing "the answer" to resolution of the issue!?!


As I read throught this, I was impressed by the following statement:


What You Need to Do
or most use cases, including certificates serving modern client or server systems, no action is required, whether or not you have issued certificates cross-chained to the AddTrust root.


And so it seems that the youtube-dl maintainers feel *strongly* this is not their problem. I asked the question in an effort to determine if there was something I needed to do, or could do to rectify the issue.


Jun 5, 2020 6:44 PM in response to Barney-15E

Yes - for companies... if the page indicated it was for companies only, then I missed that.


And thanks! - your reply has triggered more questions:


How would I download the "CA certificate" to put into /usr/local/bin?


I'm using the `curl` that was shipped with macOS Catalina when I bought it earlier this year. Are you suggesting that another version might be more likelyto have access?


Jun 5, 2020 7:17 PM in response to glimpse

I meant to download the thing you are trying to download. Curl is just a command line browser, of sorts, to download files. Copy the URL and paste it into Safari and it will download the file.

To open a Finder window at /usr/local/bin, use Go To Folder in Finder and copy/paste in that path. You can then copy the file from Downloads into /usr/local/bin.

Updating Certificates/CAs

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.