security: SecKeychainItemDelete: UNIX[Operation not permitted] on OS X when trying to remove a system root expired cert


Solution 1

It's just System Integrity Protection (SIP) that prevents even root from modifying the contents of /System. You can toggle it by booting to the Recovery Partition (reboot holding Command-R) and then running the csrutil disable command in the Terminal (more details). With SIP disabled, you can reboot and then your commands will be permitted.

Solution 2

Disable SIP in recovery mode:

csrutil disable

Reboot and then:

sudo mount -uw /
killall Finder

Now you should be able to remove certificates.
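
A read-only way to see which certificates in the System Roots keychain have actually expired, with SIP left enabled. This is an added example, not part of the original question or answers; the function names are assumptions of the example, `openssl` is assumed to be on the PATH, and `csrutil status` and `security find-certificate -a -p` are the stock macOS tools.

```shell
#!/bin/sh
# Added example: read-only audit, nothing is deleted and SIP stays enabled.
# Function names are assumptions of this example.

# Read a PEM bundle on stdin and print subject and notAfter of every
# certificate that expires within $1 seconds (0 = already expired).
expiring_certs() {
    window="${1:-0}"
    dir="$(mktemp -d)" || return 1
    # Split the bundle into one file per certificate.
    awk -v d="$dir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%04d.pem", d, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { if (out != "") close(out); out = "" }
    '
    for f in "$dir"/cert*.pem; do
        [ -e "$f" ] || continue
        # Skip blocks that do not parse as X.509.
        openssl x509 -in "$f" -noout 2>/dev/null || continue
        # -checkend exits non-zero when notAfter falls inside the window.
        if ! openssl x509 -in "$f" -noout -checkend "$window" >/dev/null 2>&1; then
            openssl x509 -in "$f" -noout -subject -enddate | paste -sd' ' -
        fi
    done
    rm -rf "$dir"
}

# macOS only: report SIP state, then list expired roots in the keychain
# named in the question.
audit_system_roots() {
    csrutil status
    security find-certificate -a -p \
        /System/Library/Keychains/SystemRootCertificates.keychain |
        expiring_certs 0
}

if [ "$(uname -s)" = Darwin ]; then
    audit_system_roots
fi
```

Passing a larger window, for example `expiring_certs 2592000`, also lists roots that expire within the next 30 days.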


Author: Wingzero


Updated on September 18, 2022

Comments

  • Wingzero over 1 year

    So I see some expired certs under 'System Roots' (not 'System'), so I want to delete them via cmd.

    sudo security delete-certificate -c A-Trust-nQual-01 /System/Library/Keychains/SystemRootCertificates.keychain
    

    However bash reports

    security: SecKeychainItemDelete: UNIX[Operation not permitted]

    I entered the correct password for sudo for sure. How can I proceed?

    OS: latest Mac OS X release, not beta.

    Update: I even tried with sudo su as root, and it still does not work:

    sh-3.2# security delete-certificate -c A-Trust-nQual-01 /System/Library/Keychains/SystemRootCertificates.keychain 
    security: SecKeychainItemDelete: UNIX[Operation not permitted]
    sh-3.2# whoami
    root
    sh-3.2# 
    
  • Wingzero about 8 years
    Thanks! I decided to change CRL to best attempt to work around.
  • gaurav5430 almost 4 years
    What is CRL? How does it help with the above case?