You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Digital certificates and runaway trustd

Just upgraded from El Capitan (10.11) to Sierra (10.12). Upgraded the o/s, kept my applications and data on both an early 2011 MacBook Pro and a late 2013 iMac.


First issue noted was that Outlook 2016 for Mac hung on the iMac if I tried to open a digitally signed message (DoD PKI-signed). Had to force quit.


Next issue noted was that Keychain Access hung when I tried to start it. No Keychain Access window ever appeared, though the icon showed in the dock. Opened Activity Monitor to investigate and found that the process trustd appeared to have run away. The process memory was over 1 GB. Forced-quit Keychain Access, then sent a HUP signal to my trustd process via the terminal. Once it reappeared, trustd process memory was at 11.9 MB.


Attempted to open Keychain Access again, but it hung again. I let it go for a while, and Sierra informed me that it had become unresponsive (thanks!). Killed it, then looked at trustd's memory allocation. It was approaching 2 GB.


I upgraded the Macbook Pro at the same time (won't do that again). Soon after logging in, I noted that the fan spun up. When it didn't slow down after a bit, I opened Activity Monitor and saw that trustd's process memory exceeded 8 GB. (The total physical memory on the Macbook is 8 GB.)


On both the iMac and the Macbook, I created new login keychains to get rid of all personal digital certificates.


That helped on the iMac. I can work within the old keychain, provided I don't access certificates. If I do, Keychain Access hangs and trustd runs away. I can get back to normal by sending it a HUP and force-quitting Keychain Access. Also, Outlook hangs and trustd runs away if I touch a digitally signed message. Again I can return to normal by force-quitting Outlook and sending a HUP to trustd.


The fresh login keychain did not help on the laptop. trustd would run away, eating up memory in the process. I could reset by sending it a HUP, after which it would release the memory, but then it would run away again. Starting from scratch (erase hard drive, install Sierra) resolved the runaway trustd issue. I have not restored the keychain that contained the digital certificates.


Is this an issue with trustd? I need personal digital certificates to work on at least one of the computers.

iMac (27-inch, Late 2013), macOS Sierra (10.12)

Posted on Sep 22, 2016 2:34 PM

Reply
Question marked as Top-ranking reply

Posted on Mar 30, 2017 11:10 AM

Appears to be solved. At some point, DoD ECA PKI certificates picked up a new, invalid trust chain. Keychain froze, trustd ran away if I tried to access these certificates. Turns out one or all of Federal Bridge, Federal Root, or Federal Common certificates somehow found their way into the trust chain for DoD ECA PKI certificates. Used the command line tool to find the certificates ($ security find-certificate -a -c "Federal Common" -Z ) and delete them ($ security delete-certificate -Z <SHA-1 hash from find>). 24 hours and no runaway trustd...

9 replies
Question marked as Top-ranking reply

Mar 30, 2017 11:10 AM in response to jwpoland

Appears to be solved. At some point, DoD ECA PKI certificates picked up a new, invalid trust chain. Keychain froze, trustd ran away if I tried to access these certificates. Turns out one or all of Federal Bridge, Federal Root, or Federal Common certificates somehow found their way into the trust chain for DoD ECA PKI certificates. Used the command line tool to find the certificates ($ security find-certificate -a -c "Federal Common" -Z ) and delete them ($ security delete-certificate -Z <SHA-1 hash from find>). 24 hours and no runaway trustd...

Sep 27, 2016 1:30 PM in response to GigglingGalaxy

I found a solution to my runaway.


Exit it all your programs and kill trustd with Activity Monitor.


Run Keychain Access (in your utilities folder). Visit your keychains one by one. At least one of them should cause the program to hang (endless beachball cursor). Force quit keychain access.


Go to ~/Library/Keychains.


Delete any files ending in .db. Move the keychain to the Desktop (for now).


Restart.


The system should rebuild the keychain from iCloud, although you may need to enter some passwords again. if all looks good then delete the file you moved to your desktop.


My problem keychain was "system".

Oct 4, 2016 7:45 AM in response to GigglingGalaxy

I just did a fresh install (of macOS Sierra) with fresh user, without restoring any settings, users, preferences; just music, photos, and movies. And my laptop is STILL having the same issue. Trustd (and Safari Newtworking and Mail Networking) hogs CPU and fan speed kick up. All internet-based apps take forever to connect to a server (or they just fail to connect).

Digital certificates and runaway trustd

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.