Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Leopard X509 Certificate instructions

227 views
Skip to first unread message

dat...@gmail.com

unread,
Nov 12, 2007, 10:47:47 AM11/12/07
to
Just an FYI for anyone using TLS in Mac Messanger and OSX Leopard
(10.5).

The instructions in the Mac Messenger Deployment Guide for adding an
X509 Certificate to the OSX Keychain do not work on Leopard. In
previous OSX versions the "X509 Anchors" keychain is added to your
keychain by default and is an option when you double click a
certificate for import. With Leopard however you must manually open
your "Applications/Utilities/Keychain Accces", go to "File" then "Add
Keychain". Then navigate to /System/Library/Keychains where you should
see the file "X509Anchors", add this keychain. This keychain is the
keychain that must contain the correct certificate your corporation
uses for TLS transport. If your corp happens to use a standard public
certificate of course you will never have to worry about this, but if
it is an non-included certificate you must import to to that keychain.

I figured this out from this link:

http://mactip.blogspot.com/2007/11/kerberos-for-leopard.html

Corentin Cras-Méneur

unread,
Nov 12, 2007, 12:21:33 PM11/12/07
to
dat...@gmail.com <dat...@gmail.com> wrote:

> With Leopard however you must manually open
> your "Applications/Utilities/Keychain Accces", go to "File" then "Add
> Keychain". Then navigate to /System/Library/Keychains where you should
> see the file "X509Anchors",


Really??? and this works for you??? I had read that the X509Anchor was a
thing of the past (for Leopard) and that these certificates now belong
to the Login keychain instead...

Corentin


--
--- Mac:MS MVP http://www.cortig.net/wordpress/ ---
http://www.mvps.org - http://mvp.support.microsoft.com
MVPs are not MS employees - Les MVP ne travaillent pas pour MS
Remove "NoSpam" to e-mail me - Retirez "NoSpam" pour m'écrire

dat...@gmail.com

unread,
Nov 13, 2007, 9:57:37 AM11/13/07
to
Yes, this works for me. I added the cert to all the default keychains
open in "Keychain Access" ("login",
"Microsoft_Intermediate_Certificates" and "System") and none resolved
the issue. Only worked when I manually opened the X509Anchors keychain
and put the Cert there.

Appears that Messenger is hard coded to check the X509Anchors keychain
for TLS Certs. Keep in mind that this keychain exist in Leopard and
contains many default Certs, it just is not *open* within the
"Keychain Access" utility.


On Nov 12, 11:21 am, korvent...@NoSpam.mvps.org (Corentin Cras-Méneur)
wrote:

Corentin Cras-Méneur

unread,
Nov 13, 2007, 2:34:41 PM11/13/07
to
dat...@gmail.com <dat...@gmail.com> wrote:

> Appears that Messenger is hard coded to check the X509Anchors keychain
> for TLS Certs. Keep in mind that this keychain exist in Leopard and
> contains many default Certs, it just is not *open* within the
> "Keychain Access" utility.

VERY interesting. Thanks for mentioning that tip then (though I sure
consider it as a Messenger bug).

0 new messages