Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.4: Use the Certificate Authority to create certificates System 10.4
Tiger only hintYou no longer need to go get a free Thawte certificate or go anyplace else to get one -- Keychain Access now has a Certificate Assistant that will generate a self signed certificate for you!

Open Keychain Access (in /Applications -> Utilities), and in the Keychain Access menu, select Certificate Assistant (it's the fourth choice). Click it, follow the on screen directions. You can now encrypt and sign your email -- encryption requires your email recipient's public key.

[robg adds: This hint was also submitted at nearly the same time by boredzo, who pointed out the assisant's capabilities:
  • Create a certificate for yourself
  • Create a Certificate Authority (CA)
  • Use your CA to create a certificate for someone else
  • Request a certificate from an existing CA
  • View and evaluate certificates
We don't usually run menu-item hints, but since this one's hiding in the app's menu, and many people seem interested in encryption, etc., I thought it worth sharing.]
    •    
  • Currently 3.33 / 5
  You rated: 2 / 5 (6 votes cast)
 
[50,773 views]  

10.4: Use the Certificate Authority to create certificates | 7 comments | Create New Account
Click here to return to the '10.4: Use the Certificate Authority to create certificates' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.4: Use the Certificate Authority to create certificates
Authored by: nturpin on Jun 06, '05 12:23:46PM

What I also found interesting about this, as I was playing about with it at the weekend, is in the help files there is something about gaining a certificate from .mac



[ Reply to This | # ]
10.4: Use the Certificate Authority to create certificates
Authored by: samkass on Jun 06, '05 12:35:52PM

This is an excellent hint, thanks! MacOS X 10.4 also makes Thawte much easier, too, if you still want to go directly to the site. Now you just click on the link on the Thawte site, and your certificate is automatically downloaded, installed, and ready to use by the browser and Mail.app. You used to have to do some exporting, importing, etc.



[ Reply to This | # ]
10.4: Use the Certificate Authority to create certificates
Authored by: maiklust on Jun 06, '05 04:46:26PM

OS X really made some progress with handling of certificates!

But important to mention is, if you use a self-signed certificate instead one from Thawte (and such), the signed E-Mails (for example) can not be automatically verified by the other party, because it's not signed by a known CA like i.e. Thawte. The receiver sees a warning, that the signature could be malicious.

So you should consider to still use a certificate from a known CA company.



[ Reply to This | # ]
10.4: Use the Certificate Authority to create certificates
Authored by: Regek on Jul 07, '05 02:56:15AM
As long as the other person already knows and trusts you, just forward a copy of your root certificate and have that person add it to his X509Anchors keychain. That makes it so that all future data signed by one of your certificates or a certificate you signed is trusted by OS X.

Took me ages to figure that one out.

Though yes, it's more complicated than the "it just works" that you get when using a CA already in X509Anchors.

[ Reply to This | # ]
10.4: Use the Certificate Authority to create certificates
Authored by: steresi on Jun 06, '05 07:02:13PM
The obvious question to me would be, can this be used to simplify setting up a secure certificate for serving HTTPS pages off your Mac? Can this simplify any of the instructions outlined in this extensive hint?

[ Reply to This | # ]
.mac as a Certificate Authority???
Authored by: Yelsmek on Jun 06, '05 11:32:21PM
I too would like to know what this blurb means in the Certificate Assistant:
"How do I get a certificate?
In order to obtain a valid certificate, you must form a certificate request and send it to a certificate authority. If the authority agrees, it will make your certificate and return it to you. There are many ways to do this. You can use Certificate Assistant, you can use the web site of a commercial certificate authority, or you can obtain a personal certificate from .Mac. You can obtain and hold many certificates signed by different CAs that are each valid separately and subject to different policies. For example, you may have one certificate that allows you to sign email, and another that allows you to identify yourself on iChat."
How does one get one from .mac?

[ Reply to This | # ]
10.4: Use the Certificate Authority to create certificates
Authored by: Yelsmek on Jun 07, '05 12:20:23AM
This pretty much answers the question: http://www.apple.com/certificateauthority/
.Mac Certificate Practices Statement While a .Mac certificate is provided with Mac OS X, it is not currently in use. The CPS will be provided when the certificate is to be used.


[ Reply to This | # ]