11 Jan 2004

removing X509 cerificates from macosx

i run my own IMAP/SSL server and sign my own SSL certificate, however, Mail.app in Panther will complain about an uncertified certificate. so i tried to add it using apple's docs. however, it worked for gentoo's mail server, but not for my own. it seemed i screwed up something, so i had to manually remove my old certificate, but the certificates are viewable by the keychain app. so a little bit of shell-fu works like this:

cp /System/Library/Keychains/X509Anchor ~/Library/Keychains/X509.keychain
open ~/Library/Keychains/X509.keychain
[delete the dodgy certificate from the chain]
sudo cp ~/Library/Keychains/X509.keychain /System/Library/Keychains/X509Anchor

and there you have it, you can edit, remove, delete all sorts of system level X509 Anchors from your system. I don't know why apple didn't make it easier to do.

You can reply to me about this on Twitter: