macOS Sierra: If your certificate isn’t being accepted
If a certificate is not accepted, it may have expired or the way it’s being used may be invalid. For example, some certificates may be used for establishing a secure connection to a server but not for signing a document.
The most common reason a certificate isn’t accepted is that the certificate authority’s root certificate isn’t trusted by your computer. To have your computer trust a certificate authority, you must add the certificate authority to a keychain and set the certificate trust settings.
If an app (such as Safari) displays the root certificate from the certificate authority as part of the message from the certificate authority, drag the root certificate icon to the desktop.
Drag the certificate file onto the Keychain Access icon, or double-click the certificate file.
Click the keychain pop-up menu, choose a keychain, then click OK.
If you’re asked, enter the name and password for an administrator user on this computer.
Select the certificate, then choose File > Get Info.
Click the Trust disclosure triangle to display the trust policies for the certificate.
To override the trust policies, choose the trust settings you want to override from the pop-up menus.
For more information, see Certificate trust policies.