Daily Archives: January 8, 2004

Don’t get me started about Certificate support on Mac OS X
It is 3AM and I just killed myself trying to figure out where to get various browsers/JVMs to trust a simple certificate. Here are some notes.
Mac OS X ships JVM 1.4 but has 1.3 installed as well. There are three places where you need to get certs trusted:
/System/Library/Keychains/X509Anchors is where many of the mainstream tools look for certs. There is a tool called certtool; just Google X509Anchors to see how to use it. Follow the instructions exactly: the X509Anchors file must be in ~/Library/Keychains/X509Anchors or certtool won’t work.
The JVMs have their own little places to trust certificates:
/System/Library/Frameworks/JavaVM.framework/Versions/1.3.1/Home/lib/security/cacerts
/System/Library/Frameworks/JavaVM.framework/Versions/1.4.1/Home/lib/security/cacerts
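Here are some commands that I found useful. The -keystore cacerts argument is a relative path, so run them from the lib/security directory of the JVM you are updating: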
keytool -import -trustcacerts -alias NCSA -file /tmp/4a6cd8b1.0 -keystore cacerts
keytool -import -trustcacerts -alias cee-nees -file /tmp/hostcert.der -keystore cacerts
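The keystore password is changeit (the JDK default for cacerts).
Here is a useful command (with variants) for converting certs:
openssl x509 -in hostcert.pem -inform pem -out hostcert.der -outform der
This converts a certificate from PEM to DER encoding, the format used in the keytool import above.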
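
The conversion and import steps above can be checked before anything lands in a trust store. The script below is an added example, not part of the original post: it converts PEM to DER, confirms both encodings carry the same SHA-256 fingerprint, and imports only when that fingerprint equals one obtained out of band. The helper names, the throwaway example.invalid certificate and the keystore path passed in are assumptions; the file names follow the post.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names, the sample
# certificate and the keystore path argument are assumptions.

# SHA-256 fingerprint of a certificate. $1 = file, $2 = pem|der
cert_fingerprint() {
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256 | cut -d= -f2
}

# Convert PEM to DER and fail unless both files are the same certificate.
# $1 = PEM input, $2 = DER output
convert_and_verify() {
    openssl x509 -in "$1" -inform pem -out "$2" -outform der || return 1
    [ "$(cert_fingerprint "$1" pem)" = "$(cert_fingerprint "$2" der)" ]
}

# Import only if the DER file matches a fingerprint obtained out of band.
# $1 = DER file, $2 = expected fingerprint, $3 = alias, $4 = keystore
import_if_expected() {
    [ "$(cert_fingerprint "$1" der)" = "$2" ] || { echo "fingerprint mismatch" >&2; return 2; }
    command -v keytool >/dev/null 2>&1 || { echo "keytool not found" >&2; return 3; }
    keytool -import -noprompt -trustcacerts -alias "$3" -file "$1" \
        -keystore "$4" -storepass changeit
}

# Constructed sample input: a throwaway self-signed certificate in directory $1
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.invalid" \
        -keyout "$1/hostkey.pem" -out "$1/hostcert.pem" 2>/dev/null
}

# Convert the sample cert and print what an operator would compare by eye.
demo() {
    dir=$(mktemp -d) || return 1
    make_sample_cert "$dir" &&
    convert_and_verify "$dir/hostcert.pem" "$dir/hostcert.der" &&
    openssl x509 -in "$dir/hostcert.der" -inform der -noout \
        -subject -enddate -fingerprint -sha256
    status=$?
    rm -rf "$dir"
    return $status
}

demo
```

Pass import_if_expected a scratch keystore first; once the alias lists correctly with keytool -list, repeat against the JVM's cacerts.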