Also, if you need an importable self-signed CA certificate for a particular site, and you happen to have access to a Microsoft Windows box, do this:

1. Open IE and navigate to the site. You'll get a "Security Alert" warning. Choose "View Certificate"
2. In the Certificate window that pops up, select the "Details" tab, and click on the "Copy to File" button.
3. A "Certificate Export Wizard" window will appear. Follow the instructions in the wizard. I exported it as a Base-64 encoded X-509 certificate, but I'm sure DER would work as well. Finally choose a filename and location to save it.
4. Copy the resulting .cer file to your mac box and install according to the original hint.

I'm sure there's an easier way to scrape the certificate from the web server without windows, but I can't find an option in Safari, Camino, or Mac IE. If I come across an OSX-only way, I'll post it here.

[ Reply to This | # ]

You can get the self-signed certificate of a server using openssl in a Terminal window. If the server is "servername" and using the default HTTPS port of 443, do this:

openssl s_client -connect servername:443 -showcerts

Then copy & paste the lines from "-----BEGIN CERTIFICATE-----" through "-----END CERTIFICATE-----" *inclusive* into a file and save it (as plain text, of course). This will be a "PEM format" certificate file.

[ Reply to This | # ]