User profile for user: WebServing
WebServing Author
User level: Level 1
15 points

Warning: accessing obsolete X509Anchors?

Recently upgraded Mac OS X Server 10.4.10 to 10.5.1 through the upgrade option from the install DVD. Tiger to Leopard transition worked more smoothly than previous upgrades.

I would like to know the root of these error messages though? Where should I start looking?
Every 30s these error messages appear in the system.log.

Dec 3 16:38:53: --- last message repeated 5 times ---
Dec 3 16:38:53 machine /Applications/Server/Server Admin.app/Contents/MacOS/Server Admin[240]: Warning: accessing obsolete X509Anchors.



In the /etc/certificates directory I find:
.defaultCertificateCreated
Default.crt
Default.crtkeyDefault.csr
Default.key
x509anchors.pem
+ my domain certs


In the /System/Library/Keychains directory I find:
SystemCACertificates.keychain
SystemRootCertificates.keychain
SystemTrustSettings.plist
X509Anchors
X509Certificates.obsoleted


In the Keychain Access.app I find X509Certificates empty, with a dotted, rounded corner square icon.
X509Anchors and System Roots are almost identical in there certificates except System Roots containing 12 more certificates.

I understand Leopard has changed its handling of certificates. Could someone please explain?


Any suggestions welcome.


Cheers 🙂

Message was edited by: WebServing

PowerMac G4 DP 1000, Mac OS X (10.5.1)

Posted on Dec 3, 2007 8:10 AM

Reply
13 replies
Sort By: 
User profile for user: WebServing
WebServing Author
User level: Level 1
15 points

Dec 9, 2007 6:48 AM in response to WebServing

FWIW same error messages pop up in the logs, when using Workgroup Manager and Keychain Access:

Dec 9 15:35:40 machine /Applications/Utilities/Keychain Access.app/Contents/MacOS/Keychain Access[34889]: Warning: accessing obsolete X509Anchors.

Dec 9 15:40:30 machine /Applications/Server/Workgroup Manager.app/Contents/MacOS/Workgroup Manager[35046]: Warning: accessing obsolete X509Anchors.




Anyone have a solution for this?


Cheers 🙂
Reply
User profile for user: garygg
garygg
User level: Level 1
21 points

Dec 9, 2007 11:22 AM in response to WebServing

Hi. I'm getting the same error message on my machine and it's not a server. Just running plain old Leopard on my networked PowerMac here at the house. Googled the error message and wound up here in the Leopard Server thread. Didn't know if it would be of interest to you that the regular OS is generating this error as well.
Reply
User profile for user: David Fennell
David Fennell
User level: Level 1
5 points

Dec 18, 2007 1:41 PM in response to WebServing

I get the same message from Apple Mail after upgrade on 10.5.1 client system. The answer may be here http://www.entourage.mvps.org/faq_topic/leopard.html

"... As it turns out, the X509Anchors file, as of Leopard, has been made obsolete - but not entirely... It can (and is) still read from, but cannot be written to - at least not with any GUI interface like Apple Keychain or Microsoft Cert Manager.

As Entourage looks at this X509Anchors file for the Root Certificate and not in the new SystemCA/RootCertificates.keychain files, of course it's not going to find it! This also explains why people that upgraded rather than fresh installed did not encounter this age old problem again. "
Reply
User profile for user: WoodyM
WoodyM
User level: Level 1
10 points

Mar 4, 2008 7:40 PM in response to WebServing

Hi,

This one stumped me quite a while as I saw the same problem on my 10.5.x client. After some searching, I found that /Library/Preferences/com.apple.security-common.plist contained references to X509Anchors and X509Certificates. That was the only place I could figure that Keychain Access was finding them.

By the way, I found the references using Terminal as follows:
$ sudo grep -i -r X509Anchors /Library/Preferences/*

The file was last changed in 2005 so on a hunch, I renamed it to com.apple.security-common.plist.bak, then logged out and back in. I renamed it in the Finder.

And VOILA, when I opened Keychain Access, the funny round boxes and duplicate copies of login.keychain were all gone from the list and I had no more entries in the Console about accessing obsolete keychain X509Anchors!

Now if I could just merge my old keychain (accountname.keychain) into my login.keychain, then all would be really good. 🙂

Just as an aside, when I upgraded to 10.5 from 10.4, my finder Sidebar under Places was messed up with duplicate entries and a Desktop icon that didn't work right. I also found that when I deleted ~/Library/Preferences/com.apple.sidebarlists.plist that the problems went away.
Reply
User profile for user: WoodyM
WoodyM
User level: Level 1
10 points

Mar 12, 2008 9:35 AM in response to macmark2

The .bak file extension is not necessary. I just renamed the file so it wouldn't be used to make sure I found the real problem. I could have moved the file to the desktop, but I didn't want to delete it immediately. Now that I know it was the problem I can delete it, as can you. Thanks!
Reply
User profile for user: Hezekiah Barnes
Hezekiah Barnes
User level: Level 1
120 points

Apr 23, 2008 3:12 PM in response to Rob B. Campbell

in reference to what? I too was seeing this error but specifically for Entourage. Microsoft has a piece posted about it in the link posted above.

http://www.entourage.mvps.org/faq_topic/leopard.html

We had the issue with Entourage 08, it all of a sudden began trying to use X509Anchors for SSL with no explanation. We ended up having to remove the account from Entourage & re-add it & all worked fine. I think Entourage 08 still has a few bugs to iron out.

The issue is probably more correctly observed as an application issue rather than a system issue. Certain applications are trying to use outdated methods that no longer work in Leopard & in most of these situations deleting the correct preference file for that app seems to solve the issue.
Reply
User profile for user: nazgul
nazgul
User level: Level 2
189 points

Jun 26, 2008 2:50 PM in response to Hezekiah Barnes

I disagree.

Jun 26 17:47:46 139 Safari[295]: Warning: accessing obsolete X509Anchors.

That's not Entourage complaining, it's Safari.

Furthermore the empty entries in KeyChain which can't be deleted aren't an app issue.

It definitely looks to me like someone (at Apple) forgot to cleanup an old preference file.
Reply
User profile for user: fyr
fyr
User level: Level 1
0 points

Jul 20, 2008 3:14 AM in response to David Fennell

I just switch complains from Entourage :
Jul 16 15:11:07 Helios /Applications/Microsoft Office 2008/Microsoft Entourage.app/Contents/MacOS/Microsoft Entourage[341]: Warning: accessing obsolete X509Anchors.

to Mail.app and Safari :
Jul 17 10:11:38 Helios /Applications/Safari.app/Contents/MacOS/Safari[9266]: Warning: accessing obsolete X509Anchors.

After this command :
Jul 16 22:06:45 Helios sudo[16144]: fyr : TTY=ttys000 ; PWD=/Users/fyr ; USER=root ; COMMAND=/usr/bin/certtool i root_certificate.cer v k=/System/Library/Keychains/X509Anchors

and use Keychain Access.app tools to add the /System/Library/Keychains/X509Anchors (that just add a X509Anchors in the Keychains like the same as System Roots) Remove this entry just switch back the warning 🙂
Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Warning: accessing obsolete X509Anchors?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up