Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.3: Obtaining server SSL certificates Internet
I don't know if this is applicable, but there's a lot of talk about SSL certificates, so I thought I'd add this tidbit ... if you're constantly being hounded by Safari or Mail.app that it does not recognize a certificate, you can use the previously posted hints to install that certificate or it's signing certificate into Mac OS X to eliminate the warning. However, to do that, you need to have the certificate. Here's an easy way to get the certificate itself: open a Terminal window and type the following:
  openssl s_client -showcerts -connect hostname.com:port
For example, if you wanted to get the certificate for www.verisign.com, you'd do this:
  openssl s_client -showcerts -connect www.verisign.com:443
You will see quite a bit of output from this, but the first block beginning with -----BEGIN CERTIFICATE----- is the certificate for the server. Copy everything from (including) the BEGIN CERTIFICATE line to the corresponding END CERTIFICATE line, and save it into a file that ends with .cer. Now you've got a certificate file for that server! Follow the previous hints to install it in the appropriate Keychain.
    •    
  • Currently 2.86 / 5
  You rated: 2 / 5 (7 votes cast)
 
[16,904 views]  

10.3: Obtaining server SSL certificates | 6 comments | Create New Account
Click here to return to the '10.3: Obtaining server SSL certificates' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.3: Obtaining server SSL certificates
Authored by: vondrix on Nov 02, '03 05:00:01PM

Instead of searching for the older hints, just doubleclick on the certificate. After it has installed itself in keychain, set "When using this certificate" to "Alway Trust"



[ Reply to This | # ]
10.3: Obtaining server SSL certificates
Authored by: mamadrum on Nov 19, '03 04:13:15PM

Funny. I found X.509 Anchors keychain locked and I can't unlock it with either my user password or my root password. I'm unable to add certificates to that keychain. Can anybody explain this?

However, I did add my cert to the login keychain and it appeared to work.

--aaron



[ Reply to This | # ]
10.3: Obtaining server SSL certificates
Authored by: dborod on Nov 04, '03 11:35:19AM

This only works if you add it to the 'X509Anchors' keychain. You'll need to add this keychain by selecting the 'Add Keychain...' menu item from the 'File' menu and adding the file from /System/Library/Keychains/



[ Reply to This | # ]
10.3: Obtaining server SSL certificates
Authored by: MattHaffner on Nov 06, '03 03:11:37PM

I didn't need to add this keychain, it was in the dialog for importing already. And, I didn't need to add it for Mail to bypass the launch dialog. However, the chain is not listed in Keychain Access until you do the 'Add...', so you won't be able to view or modify the cert until then.



[ Reply to This | # ]
10.3: Obtaining server SSL certificates
Authored by: mejarvis on Jan 23, '04 01:00:07AM

There is a good deal of comment all over here on how to automate acceptance of these certificates. Unfortunately, it does not all seem to agree, and there are a lot of "Yes, buts...". Would someone kindly condense these and post an authoritative summary? It would be huge favor.



[ Reply to This | # ]
10.3: Obtaining server SSL certificates
Authored by: zarqman on Feb 10, '04 09:56:45PM

i doubled clicked on the .cer file, told it to to add it to the X509Anchors keychain, and it worked from there. i tried adding it to my personal keychain, and even with 'always trust' it still didn't work. best of luck....



[ Reply to This | # ]