About trust and certificates
Each OS X Trust Store listed below contains three categories of certificates:
- Trusted certificates establish a chain of trust that verifies other certificates signed by the trusted roots—for example, to establish a secure connection to a web server. When IT administrators create Configuration Profiles for OS X, these trusted root certificates don't need to be included.
- Always Ask certificates are untrusted but not blocked. When one of these certificates is used, you'll be prompted to choose whether or not to trust it.
- Blocked certificates are believed to be compromised and will never be trusted.