• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
[Fed-Talk] Why can I open some certificates but not others?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Fed-Talk] Why can I open some certificates but not others?

  • Subject: [Fed-Talk] Why can I open some certificates but not others?
  • From: John Oliver <email@hidden>
  • Date: Tue, 20 Nov 2012 10:33:07 -0800
  • Thread-topic: Why can I open some certificates but not others?
Security find-certificate –a /System/Library/Keychains/SystemRootCertificates.keychain will find and list all certificates.  The labl of two examples are:

"AOL Time Warner Root Certification Authority 2"

"ApplicationCA"


So…


flamingo:Root_certs joliver$ security find-certificate -c "AOL Time Warner Root Certification Authority 2" /System/Library/Keychains/SystemRootCertificates.keychain

keychain: "/System/Library/Keychains/SystemRootCertificates.keychain"

class: 0x80001000 

attributes:

    "alis"<blob>="AOL Time Warner Root Certification Authority 2"

    "cenc"<uint32>=0x00000003 

    "ctyp"<uint32>=0x00000001 

    "hpky"<blob>=0x2B0AAE28A739567A0454A12A2207E59D33C75617  "+\012\256(\2479Vz\004T\241*"\007\345\2353\307V\027"

    "issu"<blob>=0x308183310B3009060355040613025553311D301B060355040A1314414F4C2054494D45205741524E455220494E432E311C301A060355040B1313414D4552494341204F4E4C494E4520494E432E313730350603550403132E414F4C2054494D45205741524E455220524F4F542043455254494649434154494F4E20415554484F524954592032  "0\201\2031\0130\011\006\003U\004\006\023\002US1\0350\033\006\003U\004\012\023\024AOL TIME WARNER INC.1\0340\032\006\003U\004\013\023\023AMERICA ONLINE INC.1705\006\003U\004\003\023.AOL TIME WARNER ROOT CERTIFICATION AUTHORITY 2"

    "labl"<blob>="AOL Time Warner Root Certification Authority 2"

    "skid"<blob>=0x4F696D037E9D9F071843BCB7104ED5BFA9C42028  "Oim\003~\235\237\007\030C\274\267\020N\325\277\251\304 ("

    "snbr"<blob>=0x01 

    "subj"<blob>=0x308183310B3009060355040613025553311D301B060355040A1314414F4C2054494D45205741524E455220494E432E311C301A060355040B1313414D4552494341204F4E4C494E4520494E432E313730350603550403132E414F4C2054494D45205741524E455220524F4F542043455254494649434154494F4E20415554484F524954592032  "0\201\2031\0130\011\006\003U\004\006\023\002US1\0350\033\006\003U\004\012\023\024AOL TIME WARNER INC.1\0340\032\006\003U\004\013\023\023AMERICA ONLINE INC.1705\006\003U\004\003\023.AOL TIME WARNER ROOT CERTIFICATION AUTHORITY 2"


That works.


flamingo:Root_certs joliver$ security find-certificate -c "ApplicationCA" /System/Library/Keychains/SystemRootCertificates.keychain

security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.


That does not.  The "alis" and "labl" for each example are identical, and I see no other unique identifier.  Running strings against the keychain file didn't help me.  I suppose a hex dump may have an answer, but my feet aren't touching bottom any more at that point :-)


In case anyone is going to suggest doing it by SHA1 hash, please see my thread from yesterday :-)

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Prev by Date: Re: [Fed-Talk] How to examine certificate from command line?
  • Next by Date: [Fed-Talk] Fwd: OpenBSM new addition: auditdistd.
  • Previous by thread: Re: [Fed-Talk] How to examine certificate from command line?
  • Next by thread: [Fed-Talk] Fwd: OpenBSM new addition: auditdistd.
  • Index(es):
    • Date
    • Thread