Using custom or self-signed certificates in Safari

Jan 24, '03 09:44:21AM

Contributed by: simonlok

The Safari browser disallows SSL access to websites with certificates that are not signed by well known authorities. In order to browse these sites via SSL, one needs to add the web server certificate (or CA root certificate) to the global keychain. This is fairly straightforward.

Get a hold of the certificate you want to add in either PEM or DER format. Copy the file /System -> Library -> Keychains -> X509Anchors to your own Library -> Keychains. In the Terminal, run the command:

 % certtool i mycertificate.crt k=X509Anchors 
(you need to add a "d" at the end for DER format).

Now copy your Library -> Keychains -> X509Anchors back to /System -> Library -> Keychains. You will need to use sudo to make this work. Restart Safari and all is well.

[Editor's note: I have not tested this myself.]

Comments (39)


Mac OS X Hints
http://hints.macworld.com/article.php?story=20030124064421978