So you found something called trustd running on your Mac, and are now wondering if it can be…trusted. The good news is you have nothing to worry about: this is part of macOS.
This article is part of our ongoing series explaining various processes found in Activity Monitor, like kernel_task, hidd, mdsworker, installd, WindowServer, blued, launchd, dbfseventsd, coreaudiod and many others. Don’t know what those services are? Better start reading!
Today’s process, trustd, is a part of macOS itself, and has been since 10.12 Sierra. It is a daemon, which means it’s a process that runs in the background performing critical system tasks. To be specific, trustd manages and checks certificates.
To quote the trustd man page:
trustd provides services for evaluating trust in certificates for all processes on the system.
So what is a certificate? It’s a digital signature that browsers user to verify website identities and protect against imposters. When using Safari, for example, these certificates confirm that the URL you’re looking at is actually from the domain you request. These certificates are also used to encrypt your web traffic with HTTPS. You can examine the certificates themselves by clicking the lock icon next to a URL:
On macOS, these certificates are also used by Mail and Messages to confirm identities. It’s trustd that’s examining and managing these certificates behind the scenes, which is why anyone setting up a third party firewall will see near constant notifications about trustd. Confirming these certificates means it’s connected to the web, double checking that everything is on the level.
Your computer comes with a list of trusted and blocked certificates; others are added to your computer when you load a specific website. You can review the certificates currently on your system with Keychain Access, an application you’ll find in Applications > Utilities.
Click the “Certificates” button at bottom-right and Keychain Access will filter out everything else. It’s the best way to see what trustd is doing on your computer. It’s also the only way to check for dangerous certificates on your Mac.
Photo credit: Fabian Irsara