∅ the empty set

5 Oct 2007

posted in daily

tags , , , , ,

3 comments

Trusting a Certificate with Keychain Access

This is by no means mission critical, but I have been plagued with a keychain certificate glitch ever since I migrated to my Mac Pro in August. Each time I opened Mail.app it warned me that the certificate for one of my mail hosts was "not in the root certificate could not be verified" and asked me if I wanted to continue.

Certificate warning

I changed the trusting settings of the certificate, but to no avail, the glitch remained. Checking the certificate is mentionned "This certificate is not in the trusted root database", but how do you add a certificate to the root database?

Certificate not in the root database

Well, it turns out it's all a matter of importing it properly:

1. Open Keychain access, and select File > Import (or double click the certificate).

2. Select the X.509Anchors keychain and import the certificate (usually a file file a .cer extension). Don't import it into your login keychain, or it won't be added to the root database.

Import the certificate into X.509Anchors dialog box

3. The certificate will still be marked "This certificate is not in the trusted root database".

4. Quit and relaunch Keychain Access for it to display "This certificate is valid".

Import the certificate is valid

No more warnings. Bliss.

Ø permalink: http://www.davidroessli.com/logs/2007/10/trusting_a_certificate_in_mac/

Reponses to “Trusting a Certificate with Keychain Access”

#1 by bill

21:17 on 29 January 2008

nice info. i receive a x509 password error. it seems to be system generated. and not associated with system root

#2 by Stuart Thiel

21:27 on 3 March 2008

But how does one do that programatically, through a script or something? I've been asked to write an installer that installs a self-signed script. I've suggested that it's inadvisable to do that, but the client is keen... so how does one go about doing it (easy as pie on Windows...)

#3 by David Roessli

22:23 on 3 March 2008

@Stuart Err.. I don't know. I suggest you check the ADC Reference Library at http://developer.apple.com/.

Start maybe by checking out the "Getting Started with Security" section at http://tinyurl.com/yqcjlo

Hope this helps.

Post a comment

TrackBack URL for this entry:
http://www.davidroessli.com/cgi-bin/mt-tb.cgi/64.

Previous: Thoughts on Web Strategy

Next: Wrapped up in Hamed Bouzzine's Moroccan tales

About

Hello, my name is David Roessli. I am a freelance web designer and developer based in Geneva, Switzerland.

This weblog is an nth attempt to solve my multiple online personalities and weblog/rss feeds burnout issues. (more)

Words

Transcending CSS book cover

This is the kind of book I love to discover. The last time I got so excited by a book on CSS was when I read Jeffrey Zeldman's Design with Web Standards back in 2003. Unfortunately, it doesn't happen...

Music

Belleruche | Turnable Soul Music CD cover

Another smooth discovery I made while browsing Asa' "Listeners also bought" section of iTS. Belleruche is a well-crafted mix of bass & drums with a sensual, smoky, sexy female vocalist, together with funky guitar moments. Pure soulful jazz under...

Pictures

Check out my latest Flickr ramblings. Mostly day to day cameraphone pictures stolen here and there.

© 2007 David Roessli | v2.0 | valid xhtml and css