If the Mac App Store is slow, it’s probably because of your Keychain CRL setting
Recently I had an issue where the Mac App Store became almost unusably slow. It took more than a minute to start up. During that time it would appear completely frozen.
This was caused by enabling a security setting called “certificate revocation list,” or CRL, in Keychain Access.
You can disable this feature and the Mac App Store will become much faster. However—and this is a big one—the CRL is a security feature that you may not want to disable.
A CRL helps your system to detect fraudulent TLS certificates (also known as SSL certificates). While this type of fraud is rare1, a recent security breach allowed a criminal in Iran to generate these certificates (news story) and enabling the CRL protects you against this.
The Keychain Access CRL feature is disabled by default, but several recent Mac blog articles suggested that you enable it. Here’s one such article.
If you still want to disable it:
- Open the Keychain Access app.
- From the menu, choose Keychain Access > Preferences.
- On the Certificates tab, change the CRL setting to “Off.” (You can leave the other settings as-is.)
1 Fraudulent certificates may not be so rare (they can be injected using man-in-the-middle attacks), but this type of fraudulent certificate—signed by a legitimate root authority—is rare.
