fine tune instructions for Apple.pem

2024-12-29 04:49:44 +01:00 · 2022-07-01 21:45:02 +02:00 · 2022-07-01 21:45:02 +02:00 · f1003d62f8
commit f1003d62f8
parent 8b580d1448
1 changed files with 4 additions and 4 deletions
--- a/etc/README.md
+++ b/etc/README.md
@ -10,11 +10,11 @@ The certificate trust stores were retrieved from
 * **Apple:**
    1. __System:__ from Apple OS X keychain app.  Open Keychain Access utility, i.e.
  In the Finder window, under Favorites --> "Applications" --> "Utilities"
-  (OR perform a Spotlight Search for Keychain Access)
+  (OR perform a Spotlight Search for "Keychain Access")
-  --> "Keychain Access" (2 click). In that window --> "Keychains" --> "System"
+  --> "Keychain Access" (2 click). In that window --> "Keychains" --> "System Root"
  --> "Category" --> "All Items"
-  Select all CA certificates except for Developer ID Certification Authority,  "File" --> "Export Items"
+  Select all CA certificates except for "Developer ID Certification Authority", omit expired ones,  "File" --> "Export Items"
-    2. __Internet:__ Pick the latest subdir (=highest number) from https://opensource.apple.com/source/security_certificates/. They are in DER format despite their file extension. Download them with ``wget --level=1 --cut-dirs=5 --mirror --convert-links --adjust-extension --page-requisites --no-parent https://opensource.apple.com/source/security_certificates/security_certificates-*/certificates/roots/``
+    2. __Internet:__ Pick the latest subdir (=highest number) from https://opensource.apple.com/source/security_certificates/. They are in DER format despite their file extension. Download them with ``wget --level=1 --cut-dirs=5 --mirror --convert-links --adjust-extension --page-requisites --no-parent https://opensource.apple.com/source/security_certificates/security_certificates-<latest>/certificates/roots/``
 Google Chromium uses basically the trust stores above, see https://www.chromium.org/Home/chromium-security/root-ca-policy.