trustd (Trust Evaluation Daemon) is a safe macOS security process. trustd is the macOS daemon responsible for evaluating certificate trust chains. Whenever your Mac needs to verify an SSL/TLS certificate for a website, validate a code signature, or check a developer identity, trustd performs the cryptographic validation against the system's certificate trust store and any user-installed certificates. trustd making occasional network requests and using brief CPU spikes during certificate validation is completely normal. Be concerned if trustd is making constant rapid network connections to unknown hosts — this could indicate a compromised certificate store or man-in-the-middle attack attempting to inject rogue certificates.
Trust Evaluation Daemon
trustd is the macOS daemon responsible for evaluating certificate trust chains. Whenever your Mac needs to verify an SSL/TLS certificate for a website, validate a code signature, or check a developer identity, trustd performs the cryptographic validation against the system's certificate trust store and any user-installed certificates.
High CPU or network usage when validating certificates for many simultaneous connections
SSL errors in Safari or other apps when trustd cannot reach OCSP responders
Slow application launches due to code signature verification delays
Certificate trust failures after system clock changes or expired root certificates
Go to System Settings > General > Date & Time and ensure 'Set date and time automatically' is enabled. Incorrect system time causes certificate validation failures because certificates have validity periods that depend on accurate timestamps.
Open Keychain Access, go to Keychain Access > Settings, and click 'Reset My Default Keychains.' Alternatively, delete cached OCSP responses from ~/Library/Keychains/ to force trustd to refetch fresh certificate status data.
trustd contacts ocsp.apple.com and other OCSP responders to check certificate revocation status. If your network blocks these connections (corporate firewall, VPN, or DNS filter), trustd will time out and cause delays. Ensure ocsp.apple.com is accessible.
Apple periodically updates the trusted root certificate store through macOS updates. If you're seeing trust failures with well-known sites, check System Settings > General > Software Update for pending updates that may include certificate store refreshes.
trustd making occasional network requests and using brief CPU spikes during certificate validation is completely normal. Be concerned if trustd is making constant rapid network connections to unknown hosts — this could indicate a compromised certificate store or man-in-the-middle attack attempting to inject rogue certificates.
CoreLock verifies the code signing certificates of all running applications and installed software, detects unsigned or improperly signed binaries, and alerts you to expired or revoked developer certificates that trustd would flag during normal operation.
Download CoreLock Freesyspolicyd implements macOS Gatekeeper — the security feature that verifies applications are from identified developers ...
sandboxd enforces the macOS App Sandbox — a security technology that restricts what applications can access. When an app...
nsurlsessiond is the macOS background daemon that handles URL-based download and upload tasks on behalf of applications....
trustd evaluates whether digital certificates are trustworthy. Every time you visit an HTTPS website, open a signed application, or install software, trustd checks the certificate chain to verify identity and integrity. It contacts OCSP (Online Certificate Status Protocol) servers to check whether certificates have been revoked.
trustd connects to OCSP responders (like ocsp.apple.com) to verify that certificates haven't been revoked. This happens when you visit websites, launch signed apps, or install updates. The network usage is normal security behavior — it's your Mac checking that the things it's connecting to are legitimately who they claim to be.
Yes. trustd is a core Apple security daemon that protects you from fraudulent certificates and compromised connections. It is code-signed by Apple, runs as a system service managed by launchd, and is protected by System Integrity Protection. It plays a critical role in macOS's security architecture.
Download CoreLock to identify suspicious processes, detect threats, and keep your Mac running smoothly.
Download CoreLock FreeAvailable for macOS and Windows