The simplest means to do that is to switch your System Root certificates from one other Mac to which you’ve entry that runs a extra trendy model of macOS. (Why not simply obtain them? See notice that the tip of this reply.)
- First discover the extra trendy Mac with a working set of System Root certificates (i.e. that may entry the problematic web pages)
- On that Mac, launch Keychain Entry, choose “System Roots”, choose all of the certificates, choose File->Export, and export them as
rootcerts.pemfile. This file will include all of the certificates concatenated. - Copy the
rootcerts.pemfile to your vintage mac - Make the trustroot shell script under, e.g. by copying it right into a file, then utilizing
chmod 755 trustroot - Run
sudo ./trustroot rootcerts.pem
#!/bin/bash
DIR=${TMPDIR}/trustroot.$$
mkdir -p ${DIR}
lure "rm -rf ${DIR}" EXIT
cat "$1" | (cd $DIR && /usr/bin/cut up -p '-----BEGIN CERTIFICATE-----' - cert- )
for c in ${DIR}/cert-* ; do
safety -v add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "$c"
executed
rm -rf ${DIR}
What the script does is splits the .pem file into quite a lot of certificates within the short-term listing involved, then provides them as trustRoot certificates to the System key chain; they may then function as trusted roots along with the certificates within the authentic “System Roots” keychain. In case you have been questioning, you can not add them to the System Roots keychain as that may solely be up to date by the working system.
Be aware this copies over the primary group of certificates (“Trusted Certificates” within the query), however not the second nor the third.
Kudos to this reply for a touch.
You may marvel why I did not merely put a hyperlink to a extra trendy bundle of certificates someplace on the net. In any case, that might assist you to skip steps 1-3, and easily obtain rootcerts.pem. The reply is that you’d haven’t any means of understanding that I had not tampered with the foundation certificates and inserted certainly one of my very own, permitting me to impersonate any web site by making a pretend certificates signed with my very own root certificates. Please subsequently deal with with excessive skepticism any recommendation to resolve this downside by downloading root certificates from wherever until you may independently examine the provenance of these certificates.
That stated, when you’ve got no different possibility, an affordable place to obtain a certificates bundle could be from the curl web page right here (untested), as most individuals belief curl.