Adding trust for a X509 CA certificate imported into keychain on OS X
<p>Recently I wrote a little chunk of code that grabs a CA certificate from a SCEP server, turns it into a SecCertificateRef and adds it to a keychain (either System or login). Now I'm wondering how I can get the system to trust that certificate. I've been playing around with Trust Policies but I haven't had much luck yet.</p>
<p>On top of this, I understand that the system may not allow you to automatically trust a certificate without user interaction. If that's the case, how do you kick off the interaction? Using "SecCertificateAddToKeychain" puts the certificate into the keychain silently.</p>
<p>Side note: I'm trying to support 10.5 with this code as well.</p>
<p>Thanks for any help!</p>
<p>Edit: After playing around with the code on the Citrix page I came up with my own function. From what I gathered from the Citrix page, this method is destructive. So if the certificate is already in the keychain and already has policies (iChat, etc) this will overwrite those. Since I don't care about that in my project, here's a simpler version I came up with.</p>
<pre><code>-(OSStatus) addCertificate: (CertificateWrapper *) cert trust:(BOOL) shouldTrust
{
    // keychain is a SecKeychainRef created with SecKeychainOpen
    OSStatus result = SecCertificateAddToKeychain([cert certificate], keychain);
    if((result == noErr || result == errKCDuplicateItem) &amp;&amp; shouldTrust){
        // Try each trust settings domain in turn and stop at the first one that accepts the change
        SecTrustSettingsDomain domains[3] = { kSecTrustSettingsDomainSystem, kSecTrustSettingsDomainAdmin, kSecTrustSettingsDomainUser };
        for(int i = 0; i &lt; 3; i++){
            // An empty trust settings array means "always trust this certificate";
            // setting it replaces any trust settings the certificate already has in that domain
            CFMutableArrayRef trustSettingMutArray = CFArrayCreateMutable(NULL, 0, &amp;kCFTypeArrayCallBacks);
            result = SecTrustSettingsSetTrustSettings([cert certificate], domains[i], trustSettingMutArray);
            // The array came from a Create function, so release it on every iteration
            if(trustSettingMutArray != NULL){
                CFRelease(trustSettingMutArray);
            }
            if(result == noErr){
                break;
            }
        }
    }
    return result;
}
</code></pre>