Re: [Fed-Talk] Setting certificate trust
Re: [Fed-Talk] Setting certificate trust
- Subject: Re: [Fed-Talk] Setting certificate trust
- From: "Shawn A. Geddis" <email@hidden>
- Date: Sun, 14 Jun 2009 05:44:41 -0400
On Jun 11, 2009, at 4:14 PM, Miller, Timothy J. wrote:
Installing them into:
/System/Library/Keychains/SystemRootCertificates.keychain
/System/Library/Keychains/SystemCACertificates.keycha
Instead of into the user's keychain. The system keychains are
automatically
trusted. You can do this with certutil, but you have to run as root.
-- Tim
Tim,
Those Keychains only exist on Mac OS X 10.5 and there is no Automatic
Trust , but rather the Default Trust with the "System
Roots" (SystemRootCertificates.keychain) the Immutable store shipped
by Apple.
The "SystemCACertificates" (SystemCACertificates.keychain) is just a
pre-populated keychain, but is neither automatically trusted nor part
of the keychain list by default.
There is no such tool as "certutil" -- you may be mistakenly referring
to "certtool" which should not be used for this.
What you are referring to is: /usr/bin/security
- Shawn
_____________________________________________________
Shawn Geddis - Security Consulting Engineer - Apple Enterprise
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden