[X4U] Keychain Certificates? - And more Help

Stroller macmonster at myrealbox.com
Fri Jan 11 17:56:05 PST 2008


On 11 Jan 2008, at 23:39, Rod Duncan wrote:
> ...
> Long story short we decided to delete the security certificates we  
> found stored in Keychain. It seemed reasonable at the time however  
> now, we can't even access MSN as it is looking for a security  
> certificate. I figured, like a preference, the application would  
> just restore a new certificate that it needs or finds lacking.

Ooops. There are a number of items stored in different keychains,  
which are therefore visible in the "Keychain Access" program.

In the left-hand pane of Keychain Access are a number of categories.  
I think that the stuff one might most safely delete are "Passwords" -  
I have certainly deleted these if, for instance, I have changed the  
password on a wireless router and I want to reenter its password (the  
new one) next time I connect.

I see that the "Certificates" category includes stuff from Thawte &  
Verisign - I know those are companies that provide "secure" website  
certificates to banks & e-commerce websites, so I assume these are  
the master certificates that ship with the o/s so that Safari knows  
these sites are "safe" without you having to tell it so.

I note that I also have certificates from named individuals - Bob  
Smith & the like - as certificates, but upon inspection these are  
generally signed or issued by one of those larger authorities named  
above (this sort of signing supports delegation) so I assume that  
these have been added automatically when I have visited sites.

> We still have the G3 portable to pull information from if we need  
> to reinstall from there. If we do need to restore these  
> certificates, where would I find them and where are they accessed  
> in the system?

   $ sudo find / -iname "*.keychain"
   /Library/Keychains/System.keychain
   /Users/stroller/Library/Keychains/login.keychain
   $

Note also that there's a "Microsoft_Intermediate_Certificates" file  
in ~/Library/Keychains/. I guess it could be that that's b0rked?

I know you can copy keychains from one machine to the other - I have  
done to migrate all my saved passwords from my old laptop to my new  
one - but exercise caution and backup the original files (from now  
on, anyway!). I haven't poked my nose in the full implications of  
moving keychain files around, and I guess there may be a potential  
for locking oneself out of one's user account (no problem if the  
machine can be mounted in target mode & changes revoked, I assume). I  
think it's possible to have a different user & keychain passwords,  
and that this might produce behaviour which may surprise or confuse  
the unprepared user.

Stroller.
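
The advice above to back up the original keychain files before copying or deleting anything, as an added example that is not part of the original message: a shell function that copies every `*.keychain` file from the given directories into a fresh backup directory and verifies each copy. The function name `backup_keychains` and the backup location are assumptions; the source directories in the usage comment are the two shown in the `find` output above.

```shell
#!/bin/sh
# Added example (not from the original e-mail).
# Copy every *.keychain file found directly under the given directories
# into a new, private backup directory and verify each copy.
#
# Usage: backup_keychains DEST_DIR SRC_DIR [SRC_DIR ...]
# e.g.   backup_keychains "$HOME/keychain-backup-$(date +%Y%m%d-%H%M%S)" \
#            /Library/Keychains "$HOME/Library/Keychains"
backup_keychains() {
    dest=$1; shift
    # Refuse to reuse a directory so an older backup is never overwritten.
    if [ -e "$dest" ]; then
        echo "backup_keychains: $dest already exists" >&2
        return 1
    fi
    # Create the backup directory readable by the current user only.
    ( umask 077; mkdir -p "$dest" ) || return 1
    copied=0
    for src in "$@"; do
        for f in "$src"/*.keychain; do
            [ -f "$f" ] || continue   # glob matched nothing, or not a regular file
            # Encode the source path in the file name so keychains from
            # different directories cannot collide in the backup.
            name=$(printf '%s' "$f" | sed 's|^/||; s|/|__|g')
            # -p preserves mode and timestamps of the original.
            cp -p "$f" "$dest/$name" || return 1
            # Byte-for-byte check that the copy matches the original.
            cmp -s "$f" "$dest/$name" || { echo "verify failed: $f" >&2; return 1; }
            copied=$((copied + 1))
        done
    done
    # Report how many keychain files were backed up.
    echo "$copied"
}
```
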


