I am unable to find X509 Anchors in my Keychain on Mac OS X Yosenmite

Question

Level 1

0 points

I am unable to find X509 Anchors in my Keychain on Mac OS X Yosenmite

I am trying to install a configMgr Certificate and i am unable to find the X509 Anchors. The Truster Root CA cert which is on Microsoft Certificate Authority when double clicked i installs the cert in System store and is giving an error when i use the software saying "Certificate has Untrusted Root" i did search on Microsoft forums and was suggested to put the cert in X509 Anchor but i am unable to locate it. Below is the attached screen shot of my Keychains

MacBook Pro, OS X Yosemite (10.10.1)

Posted on Jan 28, 2015 10:59 PM

Reply

Answer 1

Jan 29, 2015 6:35 AM in response to v_2ask

A Root CA certificate is not based on a another Certificate authority -- it must stand on its own.

An Intermediate certificate Authority is based on another Root CA, typically well known and verifiable automatically on the Internet..

If Trusteer is using a Root CA, and the system does not automatically trust it, you have a tough decision to make. Do you tell it that Root is Trusted (and build your Trust net on "because I said so" or do you get that Root working correctly. I would ask Trusteer for help, as it is their certificate that appears to be not Trusted automatically.

Reply

Answer 2

v_2ask Author

Level 1

0 points

Jan 29, 2015 6:46 AM in response to Grant Bennet-Alder

The Root CA cert is the one Which is used to trust the Root CA and any of the certs which is issued by the Toot CA. if this certificate is not present in the correct store in Windows Machines any of the issued cert from the Root CA will not be trusted by the machine. I want to achieve the same as i have an Enterprise Certificate Authority which has issued some certs for secured communication and this is where i am facing issue. I have to put the Root CA cert in the correct store in the Mac machine so the issued cert can be trusted by the application and Mac

Reply

Answer 3

Jan 29, 2015 6:55 AM in response to v_2ask

You only have a Root CA on your machine if YOU are the issuing Authority.

All others use an Intermediate CA, based on a well-known and verifiably Trusted certificate authority on the Internet.

http://en.wikipedia.org/wiki/Root_certificate

Reply

Answer 4

v_2ask Author

Level 1

0 points

Jan 29, 2015 7:04 AM in response to Grant Bennet-Alder

we have a Root CA, and 3 Intermediate CA's.

Reply

Answer 5

Jan 29, 2015 7:14 AM in response to v_2ask

I strongly recommend you consult the software issuers for assistance. The Trusteer Root CA is not a certificate YOU should be holding.

Reply

Answer 6

v_2ask Author

Level 1

0 points

Jan 29, 2015 8:14 AM in response to Grant Bennet-Alder

That is a cert which is required by the application to work. no one can do any harm with that .Cer. The Private key can be compromised if the certificate with private key is compromised.

Reply

Answer 7

Jan 29, 2015 8:24 AM in response to v_2ask

Trusteer Root CA should be on the Internet. at most, you should have an Intermediate Certificate authority based on Trusteer Root.

For any Services that you originate, it is fine to have your own Root CA. Your system users can then Trust it because "you said so." I run Mac OS X Server, and I created my own Root CA. If you want to use my Server, you have to trust the certificate I created (but I am not hosting a Web site or supporting e-commerce.)

For things like Application Apple Developer Support, I have an Intermediate certificate, based on Apple Root CA.

Reply