3 Replies Latest reply: Jun 10, 2008 10:29 AM by Lawrence Jones1
CosMac Level 1 Level 1 (20 points)
The com.apple.kerberos.kdc certificate is a self signed root certificate(atleast it claims to be so) and is from a non trusted source. Should i keep it? Also, there is(was) another certificate that i accidentally deleted that too claims to be related to apple. Anyone have any opinion on these certificates? Only these two are set to expire in 2028. Rest of the certificates are all trusted and have no expiry dates.

iMac intel 1.83 GHz, 15" MacBook Pro, Mac OS X (10.5.2), 2GB RAM
  • 1. Re: com.apple.kerberos.kdc certificate
    LAHconsulting Level 1 Level 1 (5 points)
    I am having issue with com.apple.kerberos.kdc certificate(s) as well. I recently setup OS X Server 10.5 with updates to v10.5.2. I cannot get Mail, iCal/CalDAV, Sharing, and other serves to work from my client computers. It appears the issue is related to security and certficates named com.apple.kerberos.kdc & com.apple.systemdefault where the root certificates are self-signed and have the error message, "This root certificate is not trusted". Currently working to resolve this issue. So far it looks like I need to use Certificate Assistant to setup myself as CA (certificate authority) on my server and then set the trust values for the certificate. Since I'm a new comer to OS X Server I am still researching and looking for direction prior to proceeding. I setup OS X 10.5.x server in standard mode using Server Assistant, but expect to eventual switch to advanced mode when I get up to speed with server setting and preferences.

    Anyone have any advise on how to resolve this certificate problem?
  • 2. Re: com.apple.kerberos.kdc certificate
    Dez Chesterfield Level 1 Level 1 (10 points)
    You should keep them. See this article <http://support.apple.com/kb/TS1452>

    I am experiencing the problem that the above article refers to - i.e. when connecting to a computer in the .local domain, I am prompted for a password, rather then being authenticated automatically with Kerberos. However, I have not removed my com.apple.kerberos.kdc certificate or key pair on any of my Macs. Also, I can see that the 'Not Valid Before' date matches when I installed Leopard on that particular computer, which is different for each of my Macs.

    So my problem is continuing!...
  • 3. Re: com.apple.kerberos.kdc certificate deleted
    Lawrence Jones1 Level 1 Level 1 (10 points)
    I have a related question. Because of a security concern, I studied keychain access entries offline, found these certificates marked "This root certificate is not trusted":
    com.apple.kerberos.kdc
    com.apple.systemdeault
    Dashboard Advisory

    Absent any other clues, I deleted them before reconnecting to the network. I see no consequence yet, but now I find
    http://support.apple.com/kb/TS1452
    which says do not delete these.

    1. What is the consequence of deletion?
    2. How do I restore them short of reinstalling 10.5 (please, not that!)?

    Thank you.