Go Back   The macosxhints Forums > OS X Help Requests > System



Reply
 
Thread Tools Rate Thread Display Modes
Old 01-16-2006, 04:37 PM   #1
vancenase
All Star
 
Join Date: Apr 2003
Location: OH
Posts: 934
Deleted certificates in X509Anchors (Keychain)

Hi All-

In Safari I clicked on a link that prompted me to deny/accept a security certificate. I accidentially hit 'enter' instead of clicking deny, and I thought it probably added something to my Keychain. Without doing any research on what to delete, I deleted all of the certificates from the Keychain X509Anchors (thinking that I would be prompted to accept what was there previously when I accessed them at a later point). Now I'm having trouble checking my gmail account through Mail.app. I am prompted that Mail cannot verify the SSL server, and if I hit continue I am allowed to access gmail while the application is open -- but it never remembers my preference. It never happened before I deleted all of the certificates out of X509Anchors, so it must have something to do with that.

How can I restore the original certificates in X509Anchors in the Keychain?

Thanks.
vancenase is offline   Reply With Quote
Old 01-17-2006, 07:13 AM   #2
vancenase
All Star
 
Join Date: Apr 2003
Location: OH
Posts: 934
... after reading up, I wonder if I deleted the X509Certificates keychain ... it's not present in Keychains Access.app
vancenase is offline   Reply With Quote
Old 01-17-2006, 10:57 AM   #3
TrumpetPower!
Major Leaguer
 
Join Date: Dec 2005
Location: Tempe, AZ
Posts: 276
The files live here:

Code:
/System/Library/Keychains/X509Anchors
/System/Library/Keychains/X509Certificates
If you deleted the whole keychain...you'll need it back. If you don't have a backup of it, it's on the OS install disk. The easiest thing to do is just re-install the OS (and then the updates from Software Update). If you don't have the time to do that, there's that program whose name I can never remember that'll let you extract individual files from installers.

Cheers,

b&
TrumpetPower! is offline   Reply With Quote
Old 06-22-2008, 08:02 AM   #4
Meanman333
Prospect
 
Join Date: May 2008
Posts: 15
Quote:
Originally Posted by TrumpetPower!
The files live here:

Code:
/System/Library/Keychains/X509Anchors
/System/Library/Keychains/X509Certificates
If you deleted the whole keychain...you'll need it back. If you don't have a backup of it, it's on the OS install disk. The easiest thing to do is just re-install the OS (and then the updates from Software Update). If you don't have the time to do that, there's that program whose name I can never remember that'll let you extract individual files from installers.

Cheers,

b&

I've done the same thing, and I can see these on my computer:

/System/Library/Keychains/X509Anchors
/System/Library/Keychains/X509Certificates

The only problem is, what do I do with those files and how do I get them back into my keychain? It says the type is 'document' and I can't open those files with Keychain Access, nor can I seem to import them into the X509Anchors keychain (I only deleted the keychain items, not the actual keychain)
Meanman333 is offline   Reply With Quote
Old 06-23-2008, 10:05 AM   #5
Meanman333
Prospect
 
Join Date: May 2008
Posts: 15
Please Help

Please please don't ignore this, I've made a lot of posts asking for help on this but haven't received help!

Basically I need the X509 certificates back, and I know how to get them back, but it wont work. I can't import the X509 certificates back into keychain access from system>library for some reason. It is ruining my whole internet as it is needed for so many things.

I know how to import certificates etc, but for some reason when I try and import the files they aren't clickable and they simply have the icon of a blank page, the type is 'document' when I click 'get info', and I can't seem to open them with Keychain Access.

How do I import these certificates or get them into a state where I can actually use them?
Meanman333 is offline   Reply With Quote
Old 06-23-2008, 11:01 AM   #6
hayne
Site Admin
 
Join Date: Jan 2002
Location: Montreal
Posts: 32,459
Meanman333:
I have merged your new thread with the existing one you replied to on the same topic - please don't start new threads when one on the topic already exists.
__________________
hayne.net/macosx.html
hayne is offline   Reply With Quote
Old 06-23-2008, 11:35 AM   #7
Meanman333
Prospect
 
Join Date: May 2008
Posts: 15
Quote:
Originally Posted by hayne
Meanman333:
I have merged your new thread with the existing one you replied to on the same topic - please don't start new threads when one on the topic already exists.

What am I meant to do if nobody replies?
Meanman333 is offline   Reply With Quote
Old 06-23-2008, 11:50 AM   #8
baf
MVP
 
Join Date: Jun 2007
Location: Skellefteċ, Sweden
Posts: 1,173
Well let's see if we can fix this. First I need to check a few things to see if I get any ideas.

Start terminal (applications/utilities/terminal) then paste the following there:
ls -l /System/Library/Keychains/X509Anchors /System/Library/Keychains/X509Certificates
press enter then copy and paste the result back here.

also try logging in as a different user preferably new. Check if x509 keychain is empty or normal for that user.
__________________
/Bengt-Arne Fjellner IT-Administrator Luleċ university, Sweden.
Some say: "You learn as long as you live".
My way: "You live as long as you learn".
baf is offline   Reply With Quote
Old 06-23-2008, 02:26 PM   #9
Meanman333
Prospect
 
Join Date: May 2008
Posts: 15
Upon entering the specified command, I was returned with this:

-rw-r--r-- 1 root wheel 22752 May 30 20:31 /System/Library/Keychains/X509Anchors
-rw-r--r-- 1 root wheel 131256 Oct 6 2007 /System/Library/Keychains/X509Certificates

I also tried creating a new account to check if the keychains were the same, and they are. No X509 certificates there either.
Meanman333 is offline   Reply With Quote
Old 06-23-2008, 02:42 PM   #10
baf
MVP
 
Join Date: Jun 2007
Location: Skellefteċ, Sweden
Posts: 1,173
Well X509Anchors is much too short and is the one who's date has changed. So that file is necessary to replace. Search for a program named pacifist with that you should be able to extract the original one from your install dvd:s then we'll see if that helps.
Oh and dont overwrite the current one just move it to a new name.
Also save a copy of the new one as a backup if we manage to hurt the new one too.
__________________
/Bengt-Arne Fjellner IT-Administrator Luleċ university, Sweden.
Some say: "You learn as long as you live".
My way: "You live as long as you learn".

Last edited by baf; 06-23-2008 at 02:44 PM.
baf is offline   Reply With Quote
Old 06-23-2008, 03:19 PM   #11
hayne
Site Admin
 
Join Date: Jan 2002
Location: Montreal
Posts: 32,459
Note that I recommended the use of Pacifist in your original thread about this problem:
http://forums.macosxhints.com/showthread.php?t=90795
__________________
hayne.net/macosx.html
hayne is offline   Reply With Quote
Old 12-10-2008, 07:45 AM   #12
pts2
Registered User
 
Join Date: Dec 2008
Posts: 1
another option for replacing accidentally deleted certificates in X509Anchors

I had this problem and solved it this way:

1) Went to a mac that I trusted, that didn't have this problem (still had its original certificates).

2) Opened Keychain Access on this machine

3) Selected "show keychains" (button below the frame on the left of the Keychain window titled "Category")

4) clicked on "X509Anchors" in the new "Keychains" frame that appears after you do step 3. All my certificates appeared in the main window

5) selected all the certificates in the main window (not sure if this is necessary)

6) chose "Export" under the "File" menu. This will allow you to save them as a file, call it "good-certificates" or whatever. There are different options for file format, but I don't think this matters.

7) transfer this "good-certificates" file to the computer missing its certificates

8) redo steps 2-4 on the computer missing its certificates

9) chose "Import" under the "File" menu in Keychain Access. Select the file you made in step 6 and transferred over in step 7

10) close Keychain Access (not sure why this was necessary, or even if it is necessary, but I didn't see the new certificates in Keychain Access until I closed it and reopened it).

This worked for me.

Hope this helps!

-Tom
pts2 is offline   Reply With Quote
Old 12-08-2009, 09:25 AM   #13
jinsoku3g
Prospect
 
Join Date: Dec 2009
Posts: 3
Hi, I made a topic in the wrong section. I'm digging up a historic thread, but just got my g4 powerbook, with )SX 10.4, i am really new to mac. cant use itunes (9813) i dont know anyone with a mac, i dont have an install disk.. i bought from a friend who said it was all working fine.. and i know this is the x509 anchor problem, because i have to change the settings to always trust for every webpage.. is there any way of getting the itunes and everything to work right on this computer? id really appreciate any help! thanks!
jinsoku3g is offline   Reply With Quote
Reply

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



All times are GMT -5. The time now is 02:43 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
Site design © IDG Consumer & SMB; individuals retain copyright of their postings
but consent to the possible use of their material in other areas of IDG Consumer & SMB.