(2016-05-20, 05:08)scriptkiddie Wrote: Most of the certificates (those with apple in the title) I didn't delete
If you did not delete anything of importance, you still might get a comparatively cheap experience.
Removing and reinstalling those addons which cause problems
possibly might help; absolutely no guarantee though.
Quote:I only deleted two sketchy CAs
You really mean CA's, i.e., Certificate Authorities? Unlike leaf certificates, these are normally used not directly to validate other certificates (which, without the CA's, are invalid).
In this case, you might go through certificates in your Keychain, check the invalid ones, look which CA they are signed (this is displayed in Keychain Access as “Issued by”), and try to find the removed CA's somewhere on the Net and download them.
Again, lots of work, without any guarantee of success, but it
might help.
Quote:I've had firevault on prior to this incident, however I had no knowledge of timemachine until afterwards (it was turned off when discovered). Is there a way to use firevault to restore peace to my laptop universe or am I still in for the grim future?
I am afraid the latter. Firewall is just a smart door, which allows or does not allow network communication packets to go through. Save possibly for some logs, it does not store anything.
Quote:**The app that the deleted Cas gave me trouble with is a media console app called Kodi.**
This does not make much sense unless Kodi itself stores its own things into Keychain; I do not know its entrails, but as it is a multi-platform code (and the Keychain API is self-evidently available on Mac only), that is highly improbable (it would be technically reasonable to store e.g., HTTP password for external control of Kodi into keychain, but I strongly suspect Kodi uses instead its own arbitrary storage instead of OS X for these things). Ned Scott presumably understands Kodi much more than me and wrote that, too.
Addons, being 3rd-party code, may contain nigh anything. If they access password-guarded services, those passwords would quite probably be stored in Keychains; server certificates might be checked against the CAs — **ha**, this might be the cause of your problems: if it is indeed so, the GUI should allow you to connect regardless the server certificate is not found valid (of course, depending on the particular server, this might slightly increase the danger of a MitM).