Leopard X509 Certificate instructions

datbird@gmail.com - 12 Nov 2007 15:47 GMT
Just an FYI for anyone using TLS in Mac Messenger and OSX Leopard
(10.5).

The instructions in the Mac Messenger Deployment Guide for adding an
X509 Certificate to the OSX Keychain do not work on Leopard. In
previous OSX versions the "X509 Anchors" keychain is added to your
keychain by default and is an option when you double click a
certificate for import. With Leopard however you must manually open
your "Applications/Utilities/Keychain Access", go to "File" then "Add
Keychain". Then navigate to /System/Library/Keychains where you should
see the file "X509Anchors", add this keychain. This keychain is the
keychain that must contain the correct certificate your corporation
uses for TLS transport. If your corp happens to use a standard public
certificate of course you will never have to worry about this, but if
it is a non-included certificate you must import it to that keychain.

I figured this out from this link:

http://mactip.blogspot.com/2007/11/kerberos-for-leopard.html
Corentin Cras-Méneur - 12 Nov 2007 17:21 GMT
> With Leopard however you must manually open
> your "Applications/Utilities/Keychain Access", go to "File" then "Add
> Keychain". Then navigate to /System/Library/Keychains where you should
> see the file "X509Anchors",

Really??? and this works for you??? I had read that the X509Anchor was a
thing of the past (for Leopard) and that these certificates now belong
to the Login keychain instead...

Corentin

Signature

           --- Mac:MS MVP  http://www.cortig.net/wordpress/ ---
      http://www.mvps.org       -     http://mvp.support.microsoft.com
   MVPs are not MS employees    -    Les MVP ne travaillent pas pour MS
Remove "NoSpam" to e-mail me    -      Retirez "NoSpam" pour m'écrire

datbird@gmail.com - 13 Nov 2007 14:57 GMT
Yes, this works for me. I added the cert to all the default keychains
open in "Keychain Access" ("login",
"Microsoft_Intermediate_Certificates" and "System") and none resolved
the issue. Only worked when I manually opened the X509Anchors keychain
and put the Cert there.

Appears that Messenger is hard coded to check the X509Anchors keychain
for TLS Certs. Keep in mind that this keychain exists in Leopard and
contains many default Certs, it just is not *open* within the
"Keychain Access" utility.

Corentin Cras-Méneur - 13 Nov 2007 19:34 GMT
> Appears that Messenger is hard coded to check the X509Anchors keychain
> for TLS Certs. Keep in mind that this keychain exists in Leopard and
> contains many default Certs, it just is not *open* within the
> "Keychain Access" utility.

VERY interesting. Thanks for mentioning that tip then (though I sure
consider it as a Messenger bug).

Corentin
