What is auto-generating self-signed certificates on MacOS (Ventura)

Question

Level 1

8 points

What is auto-generating self-signed certificates on MacOS (Ventura)

I had created a self-signed certificate prior to the release of OS Ventura to allow email verification and signing (I'm not really interested in encryption), however I found that in the Apple email client, after updating to Ventura, this causes an error dialog to popup when sending email. The dialog states that because the public keys for the addressee are not available the message can't be encrypted. It does allow an override to send the email without encryption, but this has to be done for each email sent.

By deleting all my self-signed certificates I'm able to get the email client to send without the popup for a period of time, however something causes a self-signed certificate to be regenerated in the login keychain under "My Certificates" and the problem repeats.

I don't know what causes this certificate to be generated.I wouldn't have expected the certificate to auto-generate. It doesn't happen with each login, and also not after every system restart. This doesn't seem like correct behavior.

MacBook Air 13″, macOS 13.2

Posted on Feb 27, 2023 6:39 AM

Reply

Answer 1

Best reply

judysings

Community Specialist

Mar 1, 2023 5:07 PM in response to ppanish

Good afternoon ppanish,

It might be helpful for you to speak directly with an Apple advisor about this issue. Click the link below, choose the phone number for your region from the list, and call when it is convenient.

Contact Apple for support and service - Apple Support

Take care.

Reply

Answer 2

Mar 1, 2023 9:04 AM in response to ppanish

Hi ppanish,

From what you described in your post, we recommend you try the steps in the link below to help you troubleshoot the error you're receiving in macOS Ventura.

Create self-signed certificates in Keychain Access on Mac - Apple Support

1) In the Keychain Access app on your Mac, choose Keychain Access > Certificate Assistant > Create a Certificate.

2) Enter a name for the certificate.

3) Choose an identity type, then choose the type of certificate.

*For an explanation of certificate types, click Learn More.

*To manually specify the information in the certificate, such as key pairs, extensions, and encryption, click “Let me override defaults,” then follow the instructions. If you have questions while creating your certificate, click Learn More.

Note: You can create RSA keys up to 4096 bits. RSA keys smaller than 2048 bits are no longer supported.

4) Click Create.

5) Review the certificate, then click Done.

We recommend the steps above because they will show you how to create self-signed certificates in Keychain Access on your Mac.

Please let us know if creating a new self-signed certificate allows you to send emails from your Mac.

Thanks for using the Apple Support Communities.

Cheers!

Reply

Answer 3

ppanish Author

Level 1

8 points

Mar 1, 2023 4:38 PM in response to J_Johnnyboy

If you would have read the first line in my post it should have been clear that I know how to (and did) create a self-signed certificate. Perhaps that first caused this problem, I don't know. I have long since deleted that and all other self-signed certificates in all keychains.

This response does nothing to explain why the system is regenerating self signed certificates after I've deleted all of them. You don't in the slightest address the problem reported (and which is still happening).

It is the regeneration of this certificate that is causing the problem, which is also described in the post and which you also didn't bother to read.

Reply