mnot’s blog

Design depends largely on constraints.” — Charles Eames

Tuesday, 15 July 2003



I’m very happy to say that, after using Windows on the desktop for about a year, and various flavours of Unix on the desktop for about six years, I’ve Switched back to the Mac (which I happily used for about six years before that).

Specifically, a very kind colleague (thanks, Andrew!) in the office down the hall sold me his 667Mhz 15” Powerbook G4 for a quite reasonable price (due to the hardship of getting himself a 17” Powerbook).

I’ve got pretty much all of the applications I need on board; I may have to get Virtual PC for Quicken (the Mac version is HORRIBLE) and our weird in-house expense application.

Outstanding issues:

Interestingly, the hardest thing to switch has been RSS; as far as I can see, each aggregator on each platform has a different approach, none of them interoperate regarding OPML import/export, and feeds that worked fine in Sharpreader break in NetNewsWire. Argh.


Jonathan Sergent said:

Welcome to Macintosh!

I had to answer the SSL CA question today myself and I’m feeling like sharing the wealth since it took some digging and I saw your question. The answer is pretty obscure, but if you google hard enough you can find it. The list of trusted CAs is stored in /System/Library/Keychains/X509Anchors in Keychain format. The Keychain Access app will let you browse the X509Anchors keychain, but there is no UI in Keychain Access for importing certs, only adding web site passwords! Other apps can add them to the keychain, and Keychain Access can delete them, but there’s no way to add certs other than with the certtool command (which I can’t find docs for, other than a brief mention in TN2053) or with the API… thankfully the certtool command will do the job.

From Terminal:

cp /System/Library/Keychains/X509Anchors $HOME/Library/Keychains/X509Anchors certtool i /path/to/cacert.pem k=X509anchors sudo cp $HOME/Library/Keychains/X509Anchors /System/Library/Keychains/X509Anchors

Yes, you have to copy to $HOME and back again. k= does not take a pathname, only the keychain name, and it doesn’t search in /System/Library/Keychains, only $HOME/Library/Keychains. And if you get any errors from certtool, they will probably be undecipherable. Welcome to Macintosh!

Tuesday, July 15 2003 at 10:26 AM

Aaron Swartz said:

This program should probably be able to import Moz bookmarks.

Panther BitTorrent

Wednesday, July 16 2003 at 8:22 AM

Aaron Swartz said:

For journalistic purposes, Panther is available through BitTorrent, i.e. at

Wednesday, July 16 2003 at 8:23 AM

Aaron Swartz said:

Moz bookmark importer:

(Aargh, support a href, please!)

Wednesday, July 16 2003 at 8:23 AM

Chris said:

(A bit late this, but I only just found your page.)

An even easier way to put your server’s SSL cert into the system X509Anchors keychain is to:

1) Run Keychain

2) Choose File>Add Keychain… and choose X509Anchors.

3) Choose File>Import… and choose your certificate.pem file. You’re prompted for your username and password.

4) There is no step 4.

Wednesday, March 24 2004 at 11:38 AM

Frederic Latour said:

Even later, but I just found instructions that are much simpler than the latest post :

1) Double click the certificate.pem file. 2) Choose X509Anchors. 3) There is no step 3.

Wednesday, September 22 2004 at 11:08 AM

Jim said:

I have O/S X v10.3.x, and the X509Anchors keychain doesn’t show up in the GUI… is there some patch I need for the O/S? I see it in the UNIX directory.


Monday, October 18 2004 at 10:45 AM

Colin said:

I had to add it manually. I opened Keychain Access, File -> Add Keychain, navigate to /System/Library/Keychains/X509Anchors, click OK, then import the certificate.

Monday, December 13 2004 at 10:02 AM

Brad said:

HI ive done something, something bad, very bad. and I NEED HELP! one thing from another ive found that ive DELETED “X509Anchors” from my key chain and i dont know what to do. i dont want to reboot my mac and i know no one else with a mac to copy it from, can someone help me (perfribly can i download it from someone, PLEASE)

Friday, June 1 2007 at 3:20 AM

brad said:

it dosnt matter any more i phoned apple care (90 day free trial) and they said reboot it or whatever it is you do and its fine now

Friday, June 1 2007 at 5:49 AM