Trusting a Certificate with Keychain Access
This is by no means mission critical, but I have been plagued with a keychain certificate glitch ever since I migrated to my Mac Pro in August. Each time I opened Mail.app it warned me that the certificate for one of my mail hosts was “not in the root certificate could not be verified” and asked me if I wanted to continue.
I changed the trust settings of the certificate, but to no avail: the glitch remained. Inspecting the certificate showed the message “This certificate is not in the trusted root database”, but how do you add a certificate to the root database?
Well, it turns out it’s all a matter of importing it properly:
- Open Keychain Access, and select File > Import (or double-click the certificate).
- Select the X.509Anchors keychain and import the certificate (usually a file with a .cer extension). Don’t import it into your login keychain, or it won’t be added to the root database.
- The certificate will still be marked “This certificate is not in the trusted root database”.
- Quit and relaunch Keychain Access for it to display “This certificate is valid”.
No more warnings. Bliss.
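The same import done from a script, with a fingerprint check before the certificate is trusted as a root. This is an added example, not part of the original post: it assumes a current macOS, where the `security add-trusted-cert` command and the System keychain are used rather than the X.509Anchors keychain, and that the expected SHA-256 fingerprint was obtained out of band from the mail host's administrator. The function names are hypothetical.

```python
import hashlib
import hmac
import ssl
import subprocess
import sys

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"
# Assumption: current macOS, where the System keychain plus admin trust
# settings stand in for the X.509Anchors keychain named in the post.
SYSTEM_KEYCHAIN = "/Library/Keychains/System.keychain"


def to_der(data: bytes) -> bytes:
    """Return DER bytes for a certificate file that is PEM or already DER."""
    if PEM_HEADER in data:
        text = data[data.index(PEM_HEADER):].decode("ascii").strip()
        return ssl.PEM_cert_to_DER_cert(text)
    return data


def fingerprint(data: bytes) -> str:
    """SHA-256 of the DER encoding, as lowercase hex without separators."""
    return hashlib.sha256(to_der(data)).hexdigest()


def normalize(pin: str) -> str:
    """Accept 'AB:CD:...' or 'ab cd ...' as copied from a dialog or e-mail."""
    return pin.replace(":", "").replace(" ", "").lower()


def import_command(cert_path: str, data: bytes, expected_pin: str) -> list:
    """Build the trust command only when the file matches the expected pin."""
    actual, wanted = fingerprint(data), normalize(expected_pin)
    if not hmac.compare_digest(actual.encode(), wanted.encode()):
        raise ValueError(f"fingerprint mismatch, not trusting {cert_path}")
    # -d: admin (system-wide) trust settings; -r trustRoot: trust as a root.
    return ["security", "add-trusted-cert", "-d", "-r", "trustRoot",
            "-k", SYSTEM_KEYCHAIN, cert_path]


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: trust_cert.py <certificate file> <sha256 fingerprint>")
    path, pin = sys.argv[1], sys.argv[2]
    with open(path, "rb") as fh:
        cmd = import_command(path, fh.read(), pin)
    subprocess.run(["sudo"] + cmd, check=True)  # asks for an admin password
```

A certificate added this way is trusted as a root for every user on the machine, which is why the script refuses to build the command when the fingerprint does not match.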
Comments and responses
29 Jan 2008
Nice info. I receive an x509 password error. It seems to be system generated, and not associated with system root.
03 Mar 2008
But how does one do that programmatically, through a script or something? I’ve been asked to write an installer that installs a self-signed script. I’ve suggested that it’s inadvisable to do that, but the client is keen… so how does one go about doing it (easy as pie on Windows…)
03 Mar 2008
@Stuart Err.. I don’t know. I suggest you check the ADC Reference Library at http://developer.apple.com/.
Start maybe by checking out the “Getting Started with Security” section at http://tinyurl.com/yqcjlo
Hope this helps.