Trusting a Certificate with Keychain Access 

Apple Magic keyboard. Photo by Sergi Kabrera on Unsplash

This is by no means mission critical, but I have been plagued with a keychain certificate glitch ever since I migrated to my Mac Pro in August. Each time I opened it, it warned me that the certificate for one of my mail hosts was “not in the root certificate could not be verified” and asked me if I wanted to continue.

Screenshot of the certificate warning

I changed the trust settings of the certificate, but to no avail: the glitch remained. Checking the certificate, it mentioned “This certificate is not in the trusted root database”, but how do you add a certificate to the root database?

Screenshot of the certificate warning

Well, it turns out it’s all a matter of importing it properly:

  1. Open Keychain Access, and select File > Import (or double-click the certificate).
  2. Select the X.509Anchors keychain and import the certificate (usually a file with a .cer extension). Don’t import it into your login keychain, or it won’t be added to the root database.
  3. The certificate will still be marked “This certificate is not in the trusted root database”.
  4. Quit and relaunch Keychain Access for it to display “This certificate is valid”.

Import dialog box

Screenshot of the certificate

No more warnings. Bliss.
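
A check worth running before making any certificate a trusted root, as an added example that is not part of the original post: it pins the .cer file (PEM or DER) to a SHA-256 fingerprint obtained separately from the mail host's administrator, and only then builds the command that trusts it. The `security add-trusted-cert` invocation, the System keychain path and all function names are assumptions for later macOS releases; the post itself uses the Keychain Access GUI and the X.509Anchors keychain.

```python
import base64, hashlib, hmac, re, shlex, sys

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
# Assumption: system keychain path on later macOS releases (not named in the post).
SYSTEM_KEYCHAIN = "/Library/Keychains/System.keychain"

def cert_der(data: bytes) -> bytes:
    """Return DER bytes from .cer contents, which may be PEM or raw DER."""
    m = PEM_RE.search(data)
    if m:
        return base64.b64decode(b"".join(m.group(1).split()), validate=True)
    if not data.startswith(b"\x30"):  # a DER certificate starts with an ASN.1 SEQUENCE tag
        raise ValueError("not a PEM or DER certificate")
    return data

def fingerprint(data: bytes) -> str:
    """SHA-256 over the DER encoding, the value certificate viewers display."""
    return hashlib.sha256(cert_der(data)).hexdigest()

def normalize(fp: str) -> str:
    """Accept 'AB:CD:...', 'ab cd ...' or plain hex."""
    hexed = re.sub(r"[:\s]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", hexed):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return hexed

def trust_command(cert_path: str, expected_fp: str, keychain: str = SYSTEM_KEYCHAIN) -> list:
    """Return the argv that adds cert_path as a trusted root, or raise on mismatch."""
    with open(cert_path, "rb") as fh:
        actual = fingerprint(fh.read())
    if not hmac.compare_digest(actual, normalize(expected_fp)):
        raise ValueError(f"fingerprint mismatch, refusing to trust: file has {actual}")
    return ["security", "add-trusted-cert", "-d", "-r", "trustRoot", "-k", keychain, cert_path]

if __name__ == "__main__":
    # usage: python3 trust_check.py mailhost.cer 'AB:CD:...'
    # Prints the command only; review it, then run it with sudo.
    print(shlex.join(trust_command(sys.argv[1], sys.argv[2])))
```

The script never changes trust settings itself: a mismatch stops with an error, and a match prints the command for an administrator to run.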

Comments and responses

  • 29 Jan 2008


    Nice info. I receive an x509 password error. It seems to be system generated, and not associated with system root.

  • 03 Mar 2008

    Stuart Thiel:

    But how does one do that programmatically, through a script or something? I’ve been asked to write an installer that installs a self-signed script. I’ve suggested that it’s inadvisable to do that, but the client is keen… so how does one go about doing it (easy as pie on Windows…)

  • 03 Mar 2008

    @Stuart Err.. I don’t know. I suggest you check the ADC Reference Library at
    Start maybe by checking out the “Getting Started with Security” section at
    Hope this helps.

