Adding a custom SSL Certificate

Feb 24, '02 10:56:17AM

Contributed by: acdha

We have a private SSL CA which is used internally for things like code signing and providing SSL for our mail and private web servers. Unfortunately, this means that certain interface-challenged applications like OS X's Mail.app won't connect using SSL because they don't trust the certificate. Additionally, apps which might allow you to continue tend to display very scary messages, which results in a lot of questions with multiple users on the same machine.

The certificate store is in: /System/Library/Frameworks/CoreFoundation.framework/Versions/A/Resources/RootCerts.pem

Appending the PEM-format certificate to the end of this file will fix this problem. Note that this requires root and, as always, you should double-check everything before hitting enter. In particular, if you use cat, make sure that you append with >> rather than overwrite the file with >. If your certificate isn't in PEM format (mine was DER), you can convert it with OpenSSL. First test with:

openssl x509 -in my-cert.cer -inform DER -text
If that displays the expected info, then:
openssl x509 -in my-cert.cer -inform DER -out my-cert.pem -outform PEM
[Editor's note: I have not tried to test this as it would first require creating my own SSL certificate ... and I wouldn't know where to start with that task!]
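
The whole procedure above (check that the file parses, convert it to PEM, append without overwriting) can be wrapped in one shell function. This is an added example, not code from the original hint; the names add_ca_cert and flatten and the .bak backup suffix are assumptions.

```shell
#!/bin/sh
# Added example (not from the original hint): append a CA certificate to a
# PEM bundle without clobbering it. All names here are hypothetical.
# Usage (as root): add_ca_cert my-cert.cer /path/to/RootCerts.pem

add_ca_cert() {
    cert=$1
    bundle=$2
    [ -f "$bundle" ] || { echo "no such bundle: $bundle" >&2; return 1; }
    pem=$(mktemp) || return 1

    # Normalise to PEM. Try DER first, then PEM; openssl rejects anything
    # that does not parse as an X.509 certificate.
    if ! openssl x509 -in "$cert" -inform DER -out "$pem" -outform PEM 2>/dev/null &&
       ! openssl x509 -in "$cert" -inform PEM -out "$pem" -outform PEM 2>/dev/null
    then
        echo "not an X.509 certificate: $cert" >&2
        rm -f "$pem"
        return 2
    fi

    # Reduce a PEM stream to one base64 line per certificate, so the
    # duplicate check does not depend on line wrapping.
    flatten() {
        awk '/^-----/ { print ""; next } { printf "%s", $0 } END { print "" }' "$1"
    }
    body=$(flatten "$pem" | grep .)
    if flatten "$bundle" | grep -qxF "$body"; then
        echo "certificate already in bundle, nothing to do" >&2
        rm -f "$pem"
        return 0
    fi

    # Keep a copy of the store so a mistake can be undone.
    cp -p "$bundle" "$bundle.bak" || { rm -f "$pem"; return 1; }

    # If the store does not end in a newline, add one; otherwise the new
    # BEGIN line would be glued to the previous last line.
    [ -z "$(tail -c 1 "$bundle")" ] || echo >> "$bundle"

    cat "$pem" >> "$bundle"   # >> appends; a single > would replace the store
    rm -f "$pem"
}
```
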



Mac OS X Hints
http://hints.macworld.com/article.php?story=20020224105617457