Re: [Fed-Talk] DHS and DOE Certificates
- Subject: Re: [Fed-Talk] DHS and DOE Certificates
- From: Michael Kluskens <email@hidden>
- Date: Wed, 25 Oct 2006 16:01:56 -0400
On Oct 25, 2006, at 3:40 PM, Michael Kluskens wrote:

> On Oct 25, 2006, at 3:02 PM, Paul Derby wrote:
>
>> I'm starting to get signed emails from Dept of Homeland Security
>> and Department of Energy/Los Alamos Labs people. Their X.509
>> "entrust" certificate is going to my key chain just fine. They
>> are receiving my Thawte X.509 certificate just fine. They can
>> send encrypted email to me, but I can't send encrypted email to
>> them. I've been getting emails to and from US Army personnel with
>> no issues at all. But I have the DoD root certificates on my
>> machine for the DoD.
>>
>> I think I'm missing the certificate authority "root certificate"
>> for DHS and DOE/LANL. OS X gives me this error: "This certificate
>> was signed by an untrusted issuer". I did go into the Keychain
>> Access Utility and change the Trust Settings from "Use System
>> Settings" to "always trust". This made no difference.
>>
>> Any idea on how to either configure OS X to encrypt without the
>> root certificate or where to download and install the Certificate
>> Authority root certificates so my machine will let me encrypt
>> messages back to these people?
>
> I believe that if you examine an untrusted certificate you can
> locate the name of the untrusted signer, then locate that
> certificate and so on back up the chain. You should be able to set
> that top certificate to be trusted.

I had this problem now and this is how to solve it:

Certificate from person A was signed by "DOD Email CA-11" which is
signed by "DoD Root CA 2". I changed the trust settings on "DoD Root
CA 2" to always trust quite a while ago but this didn't solve the
problem because it was in my Login keychain.

However, what I did was export "DoD Root CA 2" as a .cer file, then
unlock the System, X509Anchors, and X509Certificates keychains, then
import the "DoD Root CA 2.cer" file into one of those root level
keychains (Keychain Access puts it into the System keychain).

Marking it trusted then didn't have an effect until I quit and
relaunched Keychain Access.

Michael
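
The thread describes reading the issuer name off an untrusted certificate and following it up the chain to the root that has to be trusted. A sketch of that walk with the openssl command line, added here as an example and not part of the original message; the function names and the "Constructed ..." certificates are made up for the demo, and PEM input files are assumed.

```shell
#!/bin/sh
# Added example. Walks a certificate chain by issuer name using openssl.
# Names are matched as strings only; signatures are NOT verified here.

subject_of() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'; }
issuer_of()  { openssl x509 -in "$1" -noout -issuer  -nameopt RFC2253 | sed 's/^issuer= *//'; }

# walk_chain LEAF.pem CERT_DIR
# Prints each subject from the leaf upward. Returns 0 when a self-signed
# root is reached, 1 when an issuer certificate is not present in CERT_DIR.
walk_chain() {
    cur=$1; dir=$2; depth=0
    while [ "$depth" -lt 10 ]; do            # guard against name loops
        subj=$(subject_of "$cur"); iss=$(issuer_of "$cur")
        echo "$subj"
        if [ "$subj" = "$iss" ]; then return 0; fi   # self-signed: top of chain
        next=""
        for f in "$dir"/*.pem; do
            [ -f "$f" ] || continue
            if [ "$(subject_of "$f")" = "$iss" ]; then next=$f; break; fi
        done
        if [ -z "$next" ]; then
            echo "MISSING ISSUER: $iss"      # this is the certificate to obtain
            return 1
        fi
        cur=$next; depth=$((depth + 1))
    done
    return 1
}

# Builds a constructed three-level chain under DIR for trying the walk:
#   DIR/leaf.pem <- DIR/cas/email-ca.pem <- DIR/root.pem (kept out of cas/)
make_demo_chain() {
    d=$1; mkdir -p "$d/cas"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Root CA" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed Email CA" \
        -keyout "$d/ca.key" -out "$d/ca.csr" 2>/dev/null
    openssl x509 -req -in "$d/ca.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 1 -out "$d/cas/email-ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed User" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/cas/email-ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}
```

Run `make_demo_chain /tmp/demo` and then `walk_chain /tmp/demo/leaf.pem /tmp/demo/cas`: the walk stops at the missing root until `root.pem` is copied into `cas/`.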