Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That is interesting, it's in my login keychain, as well, alongside "DigiCert Global CA" that expired on the 14th.

The most obvious answer would be that it's being installed by some widely-used piece of software, but I don't know what.

Pity the "Date Modified" column is empty, and I don't think there's really a log of what added things to the keychain.



I'd love to hear theories for what might have installed it. If anyone still has that certificate, it would be helpful to export it and email it to support@stripe.com.

We've worked around the issue for now by not using EV certificates, which isn't a great solution.


I've sent both the recently expired DigiCert certs.

Could be just about anything. In my case, my keychain has followed me from one Mac to the next since before the cert that expired today was ever issued, so it could have ended up in there anytime in the last ~8 years from anything I might have had installed dating back to my PowerBook G4...

Virtualization software might be a candidate.

Actually, I just had another thought: Steam. And when I just tried to go to https://store.steampowered.com/, guess what certificate is in the trust chain?


Two Macs here, both with Steam, both have the problem. Oh, they both have VirtualBox as well.


I had the expired certificate. I've never installed Steam, but I have installed VMWare Fusion.


I used to have the cert (deleted a while ago), and I've never installed Steam.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: