Newsroom Update

Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Sam Peascod1
Sam Peascod1 Author
User level: Level 1
25 points

SSL Installation using certtool

Hello,

I have a commercial SSL certificate which I'm trying to attach to our Xserve (function as an IMAP/SMTP mail server (with webmail) and VPN server). I am following the instructions here:

http://developer.apple.com/server/security_ssl.html

When I get to creating the keychain (certtool c k="..."), I get this error:

*Error getting keychain handle

Is there another way I can do this? I've had a look at the keychain manager in GUI, but I'm not sure if this will work since it needs to be run as root (and I can't login to the GUI as root).

Any ideas?

Sam

Posted on Aug 7, 2005 8:44 PM

Reply
2 replies
User profile for user: Justin Morgan
Justin Morgan
User level: Level 1
19 points

Aug 15, 2005 3:20 PM in response to Sam Peascod1

Like you, I was not able to create a keychain using the certtool command as supplied in the URL you referenced. I was able to get around this problem this way:
1) sudo to root shell with "sudo su -"
2) as root, cd into Keychain Access.app within the contents / mac os subfolder to find the Keychain Access executable
3) launch Keychain Access from the command line (this launches it as root) by typing "./Keychain\ Access" (you'll see Keychain Access GUI on your screen)
4) in the Keychain Access GUI, use the menu item to create a new keychain called "certkc"

Your keychain is now created for the root user.

The next step in that document is to import your certificate into the keychain using "certtool i...". That command didn't work for me until I replaced the "k=certkc" with "k=certkc.keychain".

Hope that helps,

Justin
Reply
User profile for user: Sam Peascod1
Sam Peascod1 Author
User level: Level 1
25 points

Aug 15, 2005 11:50 PM in response to Justin Morgan

Thanks very much for your help Justin. I've overcome the certificate import problem using the process you suggested.

Did you have to do anything else to get it to work with Mail/Web? The Apple instructions say (for Mail anyway) that you simply need to tell the server to Require SSL. However, unless the keychain process creates a new certificate under "Default", I'll need to add a Custom Configuration.

Thanks,

Sam
Reply

SSL Installation using certtool

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up