Deleted certificates in X509Anchors (Keychain)

vancenase · 01-16-2006, 04:37 PM

Hi All-

In Safari I clicked on a link that prompted me to deny/accept a security certificate. I accidentially hit 'enter' instead of clicking deny, and I thought it probably added something to my Keychain. Without doing any research on what to delete, I deleted all of the certificates from the Keychain X509Anchors (thinking that I would be prompted to accept what was there previously when I accessed them at a later point). Now I'm having trouble checking my gmail account through Mail.app. I am prompted that Mail cannot verify the SSL server, and if I hit continue I am allowed to access gmail while the application is open -- but it never remembers my preference. It never happened before I deleted all of the certificates out of X509Anchors, so it must have something to do with that.

How can I restore the original certificates in X509Anchors in the Keychain?

Thanks.

vancenase · 01-17-2006, 07:13 AM

... after reading up, I wonder if I deleted the X509Certificates keychain ... it's not present in Keychains Access.app

TrumpetPower! · 01-17-2006, 10:57 AM

The files live here:

Code:

/System/Library/Keychains/X509Anchors
/System/Library/Keychains/X509Certificates

If you deleted the whole keychain...you'll need it back. If you don't have a backup of it, it's on the OS install disk. The easiest thing to do is just re-install the OS (and then the updates from Software Update). If you don't have the time to do that, there's that program whose name I can never remember that'll let you extract individual files from installers.

Cheers,

b&

Meanman333 · 06-22-2008, 08:02 AM

Quote:

Originally Posted by TrumpetPower!


	The files live here: Code: /System/Library/Keychains/X509Anchors /System/Library/Keychains/X509Certificates If you deleted the whole keychain...you'll need it back. If you don't have a backup of it, it's on the OS install disk. The easiest thing to do is just re-install the OS (and then the updates from Software Update). If you don't have the time to do that, there's that program whose name I can never remember that'll let you extract individual files from installers. Cheers, b&

I've done the same thing, and I can see these on my computer:

/System/Library/Keychains/X509Anchors
/System/Library/Keychains/X509Certificates

The only problem is, what do I do with those files and how do I get them back into my keychain? It says the type is 'document' and I can't open those files with Keychain Access, nor can I seem to import them into the X509Anchors keychain (I only deleted the keychain items, not the actual keychain)

Meanman333 · 06-23-2008, 10:05 AM

Please please don't ignore this, I've made a lot of posts asking for help on this but haven't received help!

Basically I need the X509 certificates back, and I know how to get them back, but it wont work. I can't import the X509 certificates back into keychain access from system>library for some reason. It is ruining my whole internet as it is needed for so many things.

I know how to import certificates etc, but for some reason when I try and import the files they aren't clickable and they simply have the icon of a blank page, the type is 'document' when I click 'get info', and I can't seem to open them with Keychain Access.

How do I import these certificates or get them into a state where I can actually use them?

hayne · 06-23-2008, 11:01 AM

Meanman333:
I have merged your new thread with the existing one you replied to on the same topic - please don't start new threads when one on the topic already exists.

Meanman333 · 06-23-2008, 11:35 AM

Quote:

Originally Posted by hayne


	Meanman333: I have merged your new thread with the existing one you replied to on the same topic - please don't start new threads when one on the topic already exists.

What am I meant to do if nobody replies?

baf · 06-23-2008, 11:50 AM

Well let's see if we can fix this. First I need to check a few things to see if I get any ideas.

Start terminal (applications/utilities/terminal) then paste the following there:
ls -l /System/Library/Keychains/X509Anchors /System/Library/Keychains/X509Certificates
press enter then copy and paste the result back here.

also try logging in as a different user preferably new. Check if x509 keychain is empty or normal for that user.

Meanman333 · 06-23-2008, 02:26 PM

Upon entering the specified command, I was returned with this:

-rw-r--r-- 1 root wheel 22752 May 30 20:31 /System/Library/Keychains/X509Anchors
-rw-r--r-- 1 root wheel 131256 Oct 6 2007 /System/Library/Keychains/X509Certificates

I also tried creating a new account to check if the keychains were the same, and they are. No X509 certificates there either.

baf · 06-23-2008, 02:42 PM

Well X509Anchors is much too short and is the one who's date has changed. So that file is necessary to replace. Search for a program named pacifist with that you should be able to extract the original one from your install dvd:s then we'll see if that helps.
Oh and dont overwrite the current one just move it to a new name.
Also save a copy of the new one as a backup if we manage to hurt the new one too.

hayne · 06-23-2008, 03:19 PM

Note that I recommended the use of Pacifist in your original thread about this problem:
http://forums.macosxhints.com/showthread.php?t=90795

pts2 · 12-10-2008, 07:45 AM

I had this problem and solved it this way:

1) Went to a mac that I trusted, that didn't have this problem (still had its original certificates).

2) Opened Keychain Access on this machine

3) Selected "show keychains" (button below the frame on the left of the Keychain window titled "Category")

4) clicked on "X509Anchors" in the new "Keychains" frame that appears after you do step 3. All my certificates appeared in the main window

5) selected all the certificates in the main window (not sure if this is necessary)

6) chose "Export" under the "File" menu. This will allow you to save them as a file, call it "good-certificates" or whatever. There are different options for file format, but I don't think this matters.

7) transfer this "good-certificates" file to the computer missing its certificates

8) redo steps 2-4 on the computer missing its certificates

9) chose "Import" under the "File" menu in Keychain Access. Select the file you made in step 6 and transferred over in step 7

10) close Keychain Access (not sure why this was necessary, or even if it is necessary, but I didn't see the new certificates in Keychain Access until I closed it and reopened it).

This worked for me.

Hope this helps!

-Tom

jinsoku3g · 12-08-2009, 09:25 AM

Hi, I made a topic in the wrong section. I'm digging up a historic thread, but just got my g4 powerbook, with )SX 10.4, i am really new to mac. cant use itunes (9813) i dont know anyone with a mac, i dont have an install disk.. i bought from a friend who said it was all working fine.. and i know this is the x509 anchor problem, because i have to change the settings to always trust for every webpage.. is there any way of getting the itunes and everything to work right on this computer? id really appreciate any help! thanks!

01-16-2006, 04:37 PM	#1
vancenase All Star Join Date: Apr 2003 Location: OH Posts: 934	Deleted certificates in X509Anchors (Keychain) Hi All- In Safari I clicked on a link that prompted me to deny/accept a security certificate. I accidentially hit 'enter' instead of clicking deny, and I thought it probably added something to my Keychain. Without doing any research on what to delete, I deleted all of the certificates from the Keychain X509Anchors (thinking that I would be prompted to accept what was there previously when I accessed them at a later point). Now I'm having trouble checking my gmail account through Mail.app. I am prompted that Mail cannot verify the SSL server, and if I hit continue I am allowed to access gmail while the application is open -- but it never remembers my preference. It never happened before I deleted all of the certificates out of X509Anchors, so it must have something to do with that. How can I restore the original certificates in X509Anchors in the Keychain? Thanks.

06-23-2008, 10:05 AM	#5
Meanman333 Prospect Join Date: May 2008 Posts: 15	Please Help Please please don't ignore this, I've made a lot of posts asking for help on this but haven't received help! Basically I need the X509 certificates back, and I know how to get them back, but it wont work. I can't import the X509 certificates back into keychain access from system>library for some reason. It is ruining my whole internet as it is needed for so many things. I know how to import certificates etc, but for some reason when I try and import the files they aren't clickable and they simply have the icon of a blank page, the type is 'document' when I click 'get info', and I can't seem to open them with Keychain Access. How do I import these certificates or get them into a state where I can actually use them?

06-23-2008, 11:01 AM	#6
hayne Site Admin Join Date: Jan 2002 Location: Montreal Posts: 31,940	Meanman333: I have merged your new thread with the existing one you replied to on the same topic - please don't start new threads when one on the topic already exists. __________________ hayne.net/macosx.html

06-23-2008, 11:50 AM	#8
baf MVP Join Date: Jun 2007 Location: Skellefteå, Sweden Posts: 1,173	Well let's see if we can fix this. First I need to check a few things to see if I get any ideas. Start terminal (applications/utilities/terminal) then paste the following there: ls -l /System/Library/Keychains/X509Anchors /System/Library/Keychains/X509Certificates press enter then copy and paste the result back here. also try logging in as a different user preferably new. Check if x509 keychain is empty or normal for that user. __________________ /Bengt-Arne Fjellner IT-Administrator Luleå university, Sweden. Some say: "You learn as long as you live". My way: "You live as long as you learn".

06-23-2008, 02:42 PM	#10
baf MVP Join Date: Jun 2007 Location: Skellefteå, Sweden Posts: 1,173	Well X509Anchors is much too short and is the one who's date has changed. So that file is necessary to replace. Search for a program named pacifist with that you should be able to extract the original one from your install dvd:s then we'll see if that helps. Oh and dont overwrite the current one just move it to a new name. Also save a copy of the new one as a backup if we manage to hurt the new one too. __________________ /Bengt-Arne Fjellner IT-Administrator Luleå university, Sweden. Some say: "You learn as long as you live". My way: "You live as long as you learn". Last edited by baf; 06-23-2008 at 02:44 PM.

01-17-2006, 07:13 AM	#2
vancenase All Star Join Date: Apr 2003 Location: OH Posts: 934	... after reading up, I wonder if I deleted the X509Certificates keychain ... it's not present in Keychains Access.app

01-17-2006, 10:57 AM	#3
TrumpetPower! Major Leaguer Join Date: Dec 2005 Location: Tempe, AZ Posts: 276	The files live here: Code: /System/Library/Keychains/X509Anchors /System/Library/Keychains/X509Certificates If you deleted the whole keychain...you'll need it back. If you don't have a backup of it, it's on the OS install disk. The easiest thing to do is just re-install the OS (and then the updates from Software Update). If you don't have the time to do that, there's that program whose name I can never remember that'll let you extract individual files from installers. Cheers, b&

06-23-2008, 02:26 PM	#9
Meanman333 Prospect Join Date: May 2008 Posts: 15	Upon entering the specified command, I was returned with this: -rw-r--r-- 1 root wheel 22752 May 30 20:31 /System/Library/Keychains/X509Anchors -rw-r--r-- 1 root wheel 131256 Oct 6 2007 /System/Library/Keychains/X509Certificates I also tried creating a new account to check if the keychains were the same, and they are. No X509 certificates there either.

06-23-2008, 03:19 PM	#11
hayne Site Admin Join Date: Jan 2002 Location: Montreal Posts: 31,940	Note that I recommended the use of Pacifist in your original thread about this problem: http://forums.macosxhints.com/showthread.php?t=90795 __________________ hayne.net/macosx.html

12-10-2008, 07:45 AM	#12
pts2 Registered User Join Date: Dec 2008 Posts: 1	another option for replacing accidentally deleted certificates in X509Anchors I had this problem and solved it this way: 1) Went to a mac that I trusted, that didn't have this problem (still had its original certificates). 2) Opened Keychain Access on this machine 3) Selected "show keychains" (button below the frame on the left of the Keychain window titled "Category") 4) clicked on "X509Anchors" in the new "Keychains" frame that appears after you do step 3. All my certificates appeared in the main window 5) selected all the certificates in the main window (not sure if this is necessary) 6) chose "Export" under the "File" menu. This will allow you to save them as a file, call it "good-certificates" or whatever. There are different options for file format, but I don't think this matters. 7) transfer this "good-certificates" file to the computer missing its certificates 8) redo steps 2-4 on the computer missing its certificates 9) chose "Import" under the "File" menu in Keychain Access. Select the file you made in step 6 and transferred over in step 7 10) close Keychain Access (not sure why this was necessary, or even if it is necessary, but I didn't see the new certificates in Keychain Access until I closed it and reopened it). This worked for me. Hope this helps! -Tom

12-08-2009, 09:25 AM	#13
jinsoku3g Prospect Join Date: Dec 2009 Posts: 3	Hi, I made a topic in the wrong section. I'm digging up a historic thread, but just got my g4 powerbook, with )SX 10.4, i am really new to mac. cant use itunes (9813) i dont know anyone with a mac, i dont have an install disk.. i bought from a friend who said it was all working fine.. and i know this is the x509 anchor problem, because i have to change the settings to always trust for every webpage.. is there any way of getting the itunes and everything to work right on this computer? id really appreciate any help! thanks!

Thread Tools
Show Printable Version Email this Page
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread: