閱讀115 返回首頁    go iPhone_iPad_Mac_apple

Digital certificates and runaway trustd

Just upgraded from El Capitan (10.11) to Sierra (10.12). Upgraded the o/s, kept my applications and data on both an early 2011 MacBook Pro and a late 2013 iMac.

 

First issue noted was that Outlook 2016 for Mac hung on the iMac if I tried to open a digitally signed message (DoD PKI-signed). Had to force quit.

 

Next issue noted was that Keychain Access hung when I tried to start it. No Keychain Access window ever appeared, though the icon showed in the dock. Opened Activity Monitor to investigate and found that the process trustd appeared to have run away. The process memory was over 1 GB. Forced-quit Keychain Access, then sent a HUP signal to my trustd process via the terminal. Once it reappeared, trustd process memory was at 11.9 MB.

 

Attempted to open Keychain Access again, but it hung again. I let it go for a while, and Sierra informed me that it had become unresponsive (thanks!). Killed it, then looked at trustd's memory allocation. It was approaching 2 GB.

 

I upgraded the Macbook Pro at the same time (won't do that again). Soon after logging in, I noted that the fan spun up. When it didn't slow down after a bit, I opened Activity Monitor and saw that trustd's process memory exceeded 8 GB. (The total physical memory on the Macbook is 8 GB.)

 

On both the iMac and the Macbook, I created new login keychains to get rid of all personal digital certificates.

 

That helped on the iMac. I can work within the old keychain, provided I don't access certificates. If I do, Keychain Access hangs and trustd runs away. I can get back to normal by sending it a HUP and force-quitting Keychain Access. Also, Outlook hangs and trustd runs away if I touch a digitally signed message. Again I can return to normal by force-quitting Outlook and sending a HUP to trustd.

 

The fresh login keychain did not help on the laptop. trustd would run away, eating up memory in the process. I could reset by sending it a HUP, after which it would release the memory, but then it would run away again. Starting from scratch (erase hard drive, install Sierra) resolved the runaway trustd issue. I have not restored the keychain that contained the digital certificates.

 

Is this an issue with trustd? I need personal digital certificates to work on at least one of the computers.

I am also having problems with a runaway trustd, although slightly different triggers.  I am trying to sync my mailboxes from several of my servers.  It downloads a few hundred saved messages, then trustd goes into overdrive, the fan kicks in, and the computer runs nothing except trustd.

Same. I do NOT want to do a complete reinstall. NOT going to. Any other options?

I found a solution to my runaway.

 

Exit it all your programs and kill trustd with Activity Monitor.

 

Run Keychain Access (in your utilities folder). Visit your keychains one by one. At least one of them should cause the program to hang (endless beachball cursor). Force quit keychain access.

 

Go to ~/Library/Keychains.

 

Delete any files ending in .db.  Move the  keychain to the Desktop (for now).

 

Restart.

 

The system should rebuild the keychain from iCloud, although you may need to enter some passwords again.  if all looks good then delete the file you moved to your desktop.

 

My problem keychain was "system".

I just did a fresh install (of macOS Sierra) with fresh user, without restoring any settings, users, preferences; just music, photos, and movies. And my laptop is STILL having the same issue. Trustd (and Safari Newtworking and Mail Networking) hogs CPU and fan speed kick up. All internet-based apps take forever to connect to a server (or they just fail to connect).

What exactly do you mean by 'visit'?

Sorry.  By "visited" I mean, click on the keychain and examine its content.  If you can view items in the keychain, it is okay.  If the program hangs when you try to see the contents, it is bad.

Appears to be solved. At some point, DoD ECA PKI certificates picked up a new, invalid trust chain. Keychain froze, trustd ran away if I tried to access these certificates. Turns out one or all of Federal Bridge, Federal Root, or Federal Common certificates somehow found their way into the trust chain for DoD ECA PKI certificates. Used the command line tool to find the certificates ($ security find-certificate -a -c "Federal Common" -Z ) and delete them ($ security delete-certificate -Z <SHA-1 hash from find>). 24 hours and no runaway trustd...

I tried this and it didn't help.

In my case, it was ~/Library/Keychains/Microsoft_Intermediate_Certificates

 

Figures.  No idea how it got there in the first place.

最後更新:2017-08-20 23:33:25

  上一篇:go cant upgrade mid 2011 imac
  下一篇:go No black printing!