User profile for user: benry
benry Author
User level: Level 1
0 points

Safari, Keychain and PKI certs

I have to access a site using a personal PKI certificate. I can't seem to figure out how to get this to work in Safari or in keychain.

When I import the .cer file into Keychain's X509Anchors it indicates that
"this certificate was signed by an unknown authority" and I can't determine how to correct this.

I don't see any place where the personal certs are imported in Safari, unlike in IE and Mozilla Firefox.

The CA is going to cut off access if I can't get it to work in Safari and I'll have to start using a PC with IE (yuck). Anyone have any ideas?

Posted on Oct 30, 2005 6:03 PM

Reply
1 reply
User profile for user: JohnZ
JohnZ
User level: Level 1
4 points

Jan 16, 2006 8:45 PM in response to benry

Mail and Safari in Mac OS X seem to assume each user will only ever have a single certificate. They do not provide a way to pick from multiple certificates. So if you already have say a certificate you use to sign emails and someone issues you with a client certificate to access a secure web site, you are hosed. Safari will try to use your email signing certificate to access the web site and all will fail.

This is a huge pain and the only solution I have found is to use alternate apps like Firefox, etc. that have more than rudimentary certificate handling capabilities.
Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Safari, Keychain and PKI certs

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up