User profile for user: MrHoffman
MrHoffman Community+ 2025
User level: Level 10
(144,509 points)

Certificate Trust Store on iPhone, iPad, Mac

by:  MrHoffman
Last modified: Sep 24, 2025 4:00 PM
32 4429 Last modified Sep 24, 2025 4:00 PM

⚠️ incomplete ⚠️ work in progress ⚠️


The Trust Store is a component of the Apple implementations of security, encryption, and distributed authentication.


The trust store is part of Apple operating systems, and the contents of the Trust Store are (in longstanding practice) common across iPhone, iPad, and Mac. And as part of the operating system, the trust store cannot be modified by end-users or third-party apps, same as the many other similarly-protected parts of the installed environment.


How does the trust store work? Certificates presented by individuals and apps that self-identity can be mathematically traced back to the public root certificates present in the Apple Trust store to be considered trusted.


Here is an illustrative example of how public key cryptography works more generally, as if this were then known and being implemented back in 1939: https://shkspr.mobi/blog/2025/07/it-is-1939-and-you-want-to-use-public-key-cryptography/


How and when is the trust store modified? Apple updates the contents of the trust store when necessary. Not on any particular schedule. If a certificate authority vendor has not been added or removed, and if existing root certificates need no changes, then there is no need to alter and re-publish and re-ship the trust store.


When an update to the trust store is needed, the trust store update then ships with the next associated operating system releases, and continues to be part of subsequent releases until the next trust store update.


The trust store is protected against modifications just like any other part of iOS.


2025072000 is the trust store for iOS 26, iPadOS 26. And macOS 26.


2025031200 is the trust store for iOS 18.5, iPadOS 18.5, and macOS 15.5.


2025022600 is the trust store with iOS 18.4, iPadOS 18.4, and macOS 15.4.


2024051501 is the current trust store for iOS 18.3.2, iPadOS 18.3.2, and macOS 15.3.2.


An not-always-current history of trust stores: Available root certificates for Apple operating systems - Apple Support


As an example, here are the certificates associated with the 2024040500 trust store (note: 00, not 01), directly from what Apple uses to build the trust store:

https://github.com/apple-oss-distributions/security_certificates/tree/security_certificates-55297.120.3


Here is the asset version showing the 2024040500 asset version number (again note this is the base build 00, not the 01 update):

https://github.com/apple-oss-distributions/security_certificates/blob/security_certificates-55297.120.3/config/AssetVersion.plist


For comparison, here is 2025022600:

https://github.com/apple-oss-distributions/security_certificates/blob/rel/security_certificates-55313/config/AssetVersion.plist


Here is the path to the referenced GitHub source code directly available from and documented on the main Apple website:

https://opensource.apple.com/releases/


Per Apple: “The trust store version is a number in the format YYYYMMDDNN, where YYYY is the year, MM is the month, DD is the day, and NN is the build number. By convention, NN=00 for base builds that will ship with an OS release, and a non-zero value for asset builds that ship as a standalone update. For example, 2015011900 indicates the trust store contents were changed on 19 Jan 2015, and this is a base build. If the trust store is being produced as a standalone update, this could be 2015011901 instead.”


Apple has a support document related to the trust store, though this support document can tend to be out of date:

Available root certificates for Apple operating systems - Apple Support


Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up