the empty set

Trusting a Certificate with Keychain Access

This is by no means mission critical, but I have been plagued with a keychain certificate glitch ever since I migrated to my Mac Pro in August. Each time I opened it warned me that the certificate for one of my mail hosts was "not in the root certificate could not be verified" and asked me if I wanted to continue.

Certificate warning

I changed the trusting settings of the certificate, but to no avail, the glitch remained. Checking the certificate is mentionned "This certificate is not in the trusted root database", but how do you add a certificate to the root database?

Certificate not in the root database

Well, it turns out it's all a matter of importing it properly:

1. Open Keychain access, and select File > Import (or double click the certificate).

2. Select the X.509Anchors keychain and import the certificate (usually a file file a .cer extension). Don't import it into your login keychain, or it won't be added to the root database.

Import the certificate into X.509Anchors dialog box

3. The certificate will still be marked "This certificate is not in the trusted root database".

4. Quit and relaunch Keychain Access for it to display "This certificate is valid".

Import the certificate is valid

No more warnings. Bliss.

Ø permalink:

Reponses to “Trusting a Certificate with Keychain Access”

#1 by bill

21:17 on 29 January 2008

nice info. i receive a x509 password error. it seems to be system generated. and not associated with system root

#2 by Stuart Thiel

21:27 on 3 March 2008

But how does one do that programatically, through a script or something? I've been asked to write an installer that installs a self-signed script. I've suggested that it's inadvisable to do that, but the client is keen... so how does one go about doing it (easy as pie on Windows...)

#3 by David Roessli

22:23 on 3 March 2008

@Stuart Err.. I don't know. I suggest you check the ADC Reference Library at

Start maybe by checking out the "Getting Started with Security" section at

Hope this helps.

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Previous: Thoughts on Web Strategy

Next: Wrapped up in Hamed Bouzzine's Moroccan tales


Hello, my name is David Roessli. I am a freelance web designer and developer based in Geneva, Switzerland.

This weblog is an nth attempt to solve my multiple online personalities and weblog/rss feeds burnout issues. (more)


I have been contemplating the idea of upgrading my desktop Mac since this spring. The latest 27" iMac (Quad-Core) seemed the perfect candidate, but the release of Apple's 27" Monitor last September made me stick with the Mac Pro...


The autopsy of an iconic album cover picked up on A stacked graph of successive radio signals from pulsar CP 1919, in a 1977 astronomy encyclopedia that originated in a 1970 Ph.D. thesis. Fascinating <3...


Check out my latest Flickr ramblings. Mostly day to day cameraphone pictures stolen here and there.

© 2000-2018 David Roessli | v4.1 | as valid xhtml and css as possible | hosted by Infomaniak | RSS feeds. Looking for my Privacy Policy ?