Print this article

OS X: Make the ECN Root Certificate a Trusted Certificate in OS X

Programs in Mac OS X which use Secure Sockets Layer, a security protocol used during some file transfers on the Internet, might require a "certificate" to be installed so that error messages do not appear. These programs might include Safari, Thunderbird, and Eudora. To circumvent this problem, you can add ECN's root certificate to the list of trusted root certificates in Mac OS X. This will stop many of the warnings and problems experienced.



Adding the ECN Root Certificate on Mac OS X 10.5 Leopard and 10.6 Snow Leopard

If your Mac is running Mac OS X  10.4 or earlier, scroll down on this page to see the version-specific instructions. This section is for Mac OS X 10.5 Leopard.

1. Start by clicking the following link to get a copy of ECN's ASCII-based root certificate:  Download the certificate file

2. Open the Keychain Access program.  (In the dock, click the Finder icon.  Then click on the Go menu and select "Utilities."  You'll find Keychain Access in there.)

3. Click on the File menu and select "Import Items."  Navigate to the location where you saved the downloaded file in step #1.  (Common locations are the Downloads folder or the Desktop.)

Adding ECN root certificate on Mac OS

4. When finding the certificate files, change the "Destination Keychain" drop down to "login."

Select login in Destination Keychain

5. A dialog will appear which asks, "Do you want your computer to trust certificates signed by 'Engineering Computer Network' from now on?"  Click on the "Always Trust" button.

6. If a password prompt appears, type in the username and password of an account on your Macintosh which has administrative privileges.

7. Click on the Keychain Access menu and select "Quit" (or press command-Q) to quit the program.


Adding the ECN Root Certificate on Mac OS X 10.4 Tiger

First, download the ECN ASCII-based root certificate, with an extension of .crt. Click this link to download it.

Next, Open Keychain Access (located at /Applications/Utilities/Keychain Access). OS 10.4 Tiger users will need to click Show Keychains in the lower left hand corner. See Figure 1.

Figure 2 Figure 1

The list of keychains will appear above the categories. X509Anchors will already be in the list. If for some reason it's missing, you can manually add it by selecting Keychain List from the Edit menu, clicking the + (plus) button in the lower left hand corner, navigating to /System/Library/Keychains, and selecting X509Anchors.

Select X509Anchors from the list of keychains. The keychain will be locked, but you can unlock it by clicking on the padlock icon above the list of keychains. Enter your administrator password, and the keychain will unlock. See Figure 2.

Figure 3 Figure 2

Now that the certificate is unlocked, add the certificate. You can do this by double-clicking the certificate on the desktop, and directing the certificate to the X509Anchors keychain. See Figure 4. You can also select the X509Anchors certificate in Keychain Access and select Import... from the File menu.

Figure 4 Figure 3

The certificate has now been added to the X509Anchors keychain. You can verify this by selecting the X509Anchors certificate in Keychain Access and finding "Engineering Computer Network" as a listed certificate. See Figure 4.

Figure 5 Figure 4


NOTE: Keychain Access will warn you that the certificate you just added " not in the trusted root database." To clear this warning, simply restart Keychain Access.


Adding the ECN Root Certificate on Mac OS X 10.2 or 10.3

First, open a web browser and load ECN's UNIX support site. At the bottom of the page, you will find the ASCII-based root certificate, with an extension of .crt. Click that link to download it. See Figure 1.

Figure 1 Figure 1

Before we add the root certificate to OS X, we need to show Keychain Access where the root keychain is. Open the application (located at /Applications/Utilities/Keychain Access) and select Add Keychain... from the File menu. In the resulting dialog box, select the X509Anchors keychain found at /System/Library/Keychains/X509Anchors and click Open. If the keychain is grayed out, it has already been added to the list of keychains in Keychain Access. See Figure 2.

Figure 2 Figure 2

In the upper right corner of the Keychain Access window, click "Show Keychains" to show the list of keychains that Keychain Access is aware of. X509Anchors should now be in that list. See Figures 3 and 4.

Figure 3 Figure 3 Figure 4 Figure 4

Now, find the file on the desktop and double-click it. Keychain Access will ask where you would like the keychain to be placed. From the list, select X509Anchors and click OK. See Figure 5.

Figure 5 Figure 5

The ECN root certificate is now added to X509Anchors. See Figure 6. At this point applications (such as Eudora and Safari) that require SSL connections should not complain about certificates anymore.

Figure 6 Figure 6

Last Modified: Dec 19, 2016 11:12 am US/Eastern
Created: Nov 6, 2007 1:36 pm US/Eastern by admin