mark nottingham

Welcome to Macintosh!

I had to answer the SSL CA question today myself and I’m feeling like sharing the wealth since it took some digging and I saw your question. The answer is pretty obscure, but if you google hard enough you can find it. The list of trusted CAs is stored in /System/Library/Keychains/X509Anchors in Keychain format. The Keychain Access app will let you browse the X509Anchors keychain, but there is no UI in Keychain Access for importing certs, only adding web site passwords! Other apps can add them to the keychain, and Keychain Access can delete them, but there’s no way to add certs other than with the certtool command (which I can’t find docs for, other than a brief mention in TN2053) or with the API… thankfully the certtool command will do the job.

From Terminal:

cp /System/Library/Keychains/X509Anchors $HOME/Library/Keychains/X509Anchors certtool i /path/to/cacert.pem k=X509anchors sudo cp $HOME/Library/Keychains/X509Anchors /System/Library/Keychains/X509Anchors

Yes, you have to copy to $HOME and back again. k= does not take a pathname, only the keychain name, and it doesn’t search in /System/Library/Keychains, only $HOME/Library/Keychains. And if you get any errors from certtool, they will probably be undecipherable. Welcome to Macintosh!

This program should probably be able to import Moz bookmarks.

Panther BitTorrent

For journalistic purposes, Panther is available through BitTorrent, i.e. at

http://www.aj-designs.com/Mirror/suprnova/torrents/Panther_WWDC_Developer_Preview.torrent

Moz bookmark importer: http://www.versiontracker.com/dyn/moreinfo/macosx/17938&mode=info

(Aargh, support a href, please!)

(A bit late this, but I only just found your page.)

An even easier way to put your server’s SSL cert into the system X509Anchors keychain is to:

1) Run Keychain Access.app

2) Choose File>Add Keychain… and choose X509Anchors.

3) Choose File>Import… and choose your certificate.pem file. You’re prompted for your username and password.

4) There is no step 4.

Even later, but I just found instructions that are much simpler than the latest post :

1) Double click the certificate.pem file. 2) Choose X509Anchors. 3) There is no step 3.

I have O/S X v10.3.x, and the X509Anchors keychain doesn’t show up in the GUI… is there some patch I need for the O/S? I see it in the UNIX directory.

thx.

I had to add it manually. I opened Keychain Access, File -> Add Keychain, navigate to /System/Library/Keychains/X509Anchors, click OK, then import the certificate.

HI ive done something, something bad, very bad. and I NEED HELP! one thing from another ive found that ive DELETED “X509Anchors” from my key chain and i dont know what to do. i dont want to reboot my mac and i know no one else with a mac to copy it from, can someone help me (perfribly can i download it from someone, PLEASE)

it dosnt matter any more i phoned apple care (90 day free trial) and they said reboot it or whatever it is you do and its fine now