The instructions in the Mac Messenger Deployment Guide for adding an
X509 Certificate to the OSX Keychain do not work on Leopard. In
previous OSX versions the "X509 Anchors" keychain is added to your
keychain by default and is an option when you double click a
certificate for import. With Leopard however you must manually open
your "Applications/Utilities/Keychain Accces", go to "File" then "Add
Keychain". Then navigate to /System/Library/Keychains where you should
see the file "X509Anchors", add this keychain. This keychain is the
keychain that must contain the correct certificate your corporation
uses for TLS transport. If your corp happens to use a standard public
certificate of course you will never have to worry about this, but if
it is an non-included certificate you must import to to that keychain.
I figured this out from this link:
http://mactip.blogspot.com/2007/11/kerberos-for-leopard.html
> With Leopard however you must manually open
> your "Applications/Utilities/Keychain Accces", go to "File" then "Add
> Keychain". Then navigate to /System/Library/Keychains where you should
> see the file "X509Anchors",
Really??? and this works for you??? I had read that the X509Anchor was a
thing of the past (for Leopard) and that these certificates now belong
to the Login keychain instead...
Corentin
--
--- Mac:MS MVP http://www.cortig.net/wordpress/ ---
http://www.mvps.org - http://mvp.support.microsoft.com
MVPs are not MS employees - Les MVP ne travaillent pas pour MS
Remove "NoSpam" to e-mail me - Retirez "NoSpam" pour m'écrire
Appears that Messenger is hard coded to check the X509Anchors keychain
for TLS Certs. Keep in mind that this keychain exist in Leopard and
contains many default Certs, it just is not *open* within the
"Keychain Access" utility.
On Nov 12, 11:21 am, korvent...@NoSpam.mvps.org (Corentin Cras-Méneur)
wrote:
> Appears that Messenger is hard coded to check the X509Anchors keychain
> for TLS Certs. Keep in mind that this keychain exist in Leopard and
> contains many default Certs, it just is not *open* within the
> "Keychain Access" utility.
VERY interesting. Thanks for mentioning that tip then (though I sure
consider it as a Messenger bug).