[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fed-Talk] CA11 Certificates Keychains and Entourage

Subject: Re: [Fed-Talk] CA11 Certificates Keychains and Entourage
From: Brian Cadwell <email@hidden>
Date: Mon, 17 Apr 2006 16:39:54 -0400
Delivered-to: email@hidden
Delivered-to: email@hidden
Thread-index: AcZiXxT6U0uoUs5SEdqdgwAWy4xM3A==
Thread-topic: [Fed-Talk] CA11 Certificates Keychains and Entourage
User-agent: Microsoft-Entourage/11.2.3.060209

Tim,

I'm just in the process of doing all this. I managed to import the Root CA 2
into X509Anchors, but now I'm having trust issues. How do I get OS X to
bless this bad boy?

PS - for those of you that go to GDS and see only the base64 version of the
new root. This is the command I used to decode it:

openssl base64 -d -in ~/Desktop/Root_CA2.base64 -out ~/Desktop/rootca2.cer

I simply cut and pasted the text from the website into a text file and
called it Root_CA2.base64 .

bc


On 4/17/06 1:52 PM, "Timothy J. Miller" <email@hidden> wrote:

> Jerry Roy wrote:
>> I just received a new 64-bit CAC card with CA11 certificates on it.  How
>> does one go about getting Keychains to recognize the certificates as
>> vaild.  The system defaults at CA10 so it won¹t recognize newer certs.
>>  Does Apple have an update site for this?
> 
> CAs 11, 12, 13, and 14 (EMAIL and ID--that's a total of 8) are
> brand-spanking-new and are signed under the new 2048-bit root CA.  So
> you'll need to install the new root in X509Anchors, and the new issuing
> CAs in X509Certificates.
> 
> You can do this through the Keychain Access import dialog (double-click
> on the .cer certificate file) by selecting the keychain as appropriate.
>   You *may* need to add these two system keychains to your keychain list
> (apple-option-L in Keychain Access, and they're stored in
> /System/Library/Keychains/).
> 
> Whether Apple keeps pace or not as new CAs come online I have no idea.
> 
> -- Tim
>  _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list      (email@hidden)
> Help/Unsubscribe/Update your Subscription:
> http://lists.apple.com/mailman/options/fed-talk/email@hidden
> 
> This email sent to email@hidden

Attachment: smime.p7s
Description: S/MIME cryptographic signature

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/fed-talk/email@hidden

This email sent to email@hidden

Follow-Ups:
- Re: [Fed-Talk] CA11 Certificates Keychains and Entourage
  - From: "Timothy J. Miller" <email@hidden>

References:
	>Re: [Fed-Talk] CA11 Certificates Keychains and Entourage (From: "Timothy J. Miller" <email@hidden>)

Prev by Date: Re: [Fed-Talk] X509 Anchors/Certificates
Next by Date: Re: [Fed-Talk] CA11 Certificates Keychains and Entourage
Previous by thread: [Fed-Talk] X509 Anchors/Certificates
Next by thread: Re: [Fed-Talk] CA11 Certificates Keychains and Entourage
Index(es):
- Date
- Thread

Home