Re: [Fed-Talk] CA11 Certificates Keychains and Entourage
Re: [Fed-Talk] CA11 Certificates Keychains and Entourage
- Subject: Re: [Fed-Talk] CA11 Certificates Keychains and Entourage
- From: Brian Cadwell <email@hidden>
- Date: Mon, 17 Apr 2006 16:39:54 -0400
- Thread-topic: [Fed-Talk] CA11 Certificates Keychains and Entourage
Tim,
I'm just in the process of doing all this. I managed to import the Root CA 2
into X509Anchors, but now I'm having trust issues. How do I get OS X to
bless this bad boy?
PS - for those of you that go to GDS and see only the base64 version of the
new root. This is the command I used to decode it:
openssl base64 -d -in ~/Desktop/Root_CA2.base64 -out ~/Desktop/rootca2.cer
I simply cut and pasted the text from the website into a text file and
called it Root_CA2.base64 .
bc
On 4/17/06 1:52 PM, "Timothy J. Miller" <email@hidden> wrote:
> Jerry Roy wrote:
>> I just received a new 64-bit CAC card with CA11 certificates on it. How
>> does one go about getting Keychains to recognize the certificates as
>> vaild. The system defaults at CA10 so it won¹t recognize newer certs.
>> Does Apple have an update site for this?
>
> CAs 11, 12, 13, and 14 (EMAIL and ID--that's a total of 8) are
> brand-spanking-new and are signed under the new 2048-bit root CA. So
> you'll need to install the new root in X509Anchors, and the new issuing
> CAs in X509Certificates.
>
> You can do this through the Keychain Access import dialog (double-click
> on the .cer certificate file) by selecting the keychain as appropriate.
> You *may* need to add these two system keychains to your keychain list
> (apple-option-L in Keychain Access, and they're stored in
> /System/Library/Keychains/).
>
> Whether Apple keeps pace or not as new CAs come online I have no idea.
>
> -- Tim
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden