Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Click here to return to the '10.3: Importing self-signed SSL certificates' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.3: Importing self-signed SSL certificates
Authored by: snark on Oct 28, '03 04:17:20PM

the Keychain / X509Anchors tip above does not help with the actual SSL certificates but rather works for CA (Certificate Authority) Certificates - that is: certificates used to sign other certificates...

So you need to create two certificates yourself: one CA and one actual SSL certificate for use in your imapd (or httpd or whatever). Use the private part of the CA to sign the other and hand the public part of the CA certificate out to all clients.

[ Reply to This | # ]
10.3: Importing self-signed SSL certificates
Authored by: dhaveconfig on Oct 29, '03 05:11:42AM

No, you don't.

The above method works fine. You can EITHER import CA or host certificates to the X509Anchors file.

[ Reply to This | # ]
Didn't work for me.
Authored by: porkchop_d_clown on Nov 02, '03 04:05:40PM

I imported the self-signed cert and I'm still getting the warning everytime I start mail.

Everyone loves a clown, but no one will lend him money!

[ Reply to This | # ]
Didn't work for me.
Authored by: leif on Feb 15, '04 07:49:50PM

Me too.

I used the openssl command to generate the X509 cert from my .pem file on the mailserver, and imported it to the x509 anchors in Keychain Access. Mail still whines every time it opens.

I was also unable to option-drag the cert from the Mail's warning dialog; using the option key, I get a generic document icon to drag, but it doesn't save to the desktop when I drop it there. If I don't hold down option I get a useless text clipping with the contents of the certificate information field.

On another mac also running panther, option dragging caused the system to briefly hang, and in a strange graphics error, the document icon now remains above all other applications, unclickable and useless.

A "remember this cert" button in the mail client world certainly be a nice thing to have.

[ Reply to This | # ]