[Macpartners] Rebuild System Keychain?

Albert Willis awillis at MIT.EDU
Fri Jun 4 17:46:07 EDT 2004


Because X509Anchors is owned by the system, you have to be root to 
change it. I suspect that one is fine. You can look at it by using 
Keychain Access: > File > Add Keychain and navigating to 
/System/Library/Keychains.

To reset your keychain, you can use Keychain First Aid (built into 
Keychain Access; was a separate application under Mac OS X 10.1) and do 
the repair function. If your default keychain's password is different 
from your login password, it'll make the same as your login password, 
which is the default condition. Keychain First Aid also checks other 
keychains you have access to, so X509Anchors should get checked as 
well.

Good luck.

   -- Al


On Jun 4, 2004, at 2:37 PM, Matthew Walburn wrote:

> Right. I know where things _should_ be. :) I have successfully done 
> the MIT/Safari cert install before, but it's not working because I 
> don't have the passwords to one of these keychains. Presumably it's 
> because I imported the System Keychain and my own keychain from a 
> previous Panther install and did it incorrectly. I'm trying to redo 
> these without doing another reinstall.
>
> I need to recreate the system X509Anchors and X509Certificates 
> keychains as well as my own.
>
> Thanks!
>
> -Matthew
>
> On Jun 4, 2004, at 2:26 PM, Albert Willis wrote:
>
>> Matthew--
>>
>> we've documented how to import the MIT certificate authority into the 
>> X509Anchors keychain at http://itinfo.mit.edu/article?id=6667.
>>
>> The short description is that every user has a default keychain in 
>> their home directory (is ~/Library/Keychains). For accounts that were 
>> created on Mac OS X 10.3, it's called login.keychain. For accounts 
>> created on Mac OS X 10.2, the default keychain name is the same as 
>> that user's short name.
>>
>> So, your keychains are in your home directory. The other keychains 
>> belong to the system.
>>
>> Once you import the MIT CA into the X509Anchors keychain, you 
>> shouldn't have to configure anything else. Let us know if you have 
>> further questions.
>>
>>   -- Al
>>
>>
>> On Jun 4, 2004, at 10:19 AM, Matthew Walburn wrote:
>>
>>> Actually, it's in /System/Library/Keychains
>>>
>>> It remade itself, but actually it appears that the problem is with 
>>> the X509Anchors and X509Certificates keychains. I'm a bit leary of 
>>> deleting these. I'm trying to get MIT certs imported, but maybe I'll 
>>> just keep using Mozilla unless you all have some ideas for me.
>>>
>>> Thanks!
>>>
>>> -Matthew
>>>
>>>
>>> On Jun 4, 2004, at 10:08 AM, Roger A. Roach wrote:
>>>
>>>> It is in your ~/Library/Keychains folder and you can delete the 
>>>> file and start over.
>>>>
>>>> Roger
>>>>
>>>> On Jun 4, 2004, at 9:44 AM, Matthew Walburn wrote:
>>>>
>>>>> Hi there, I noticed this morning that I have no idea what my 
>>>>> System Keychain password is on 10.3. Anyone know how to reset this 
>>>>> keychain or make a new one?
>>>>>
>>>>> Thanks!
>>>>>
>>>>> -Matthew
>>>>>
>>>>> --
>>>>> Matthew Walburn, RHCE
>>>>> Computer Systems Specialist
>>>>> MIT Department of Mathematics - x. 3-4995
>>>>>
>>>>> _______________________________________________
>>>>> Macpartners mailing list
>>>>> Macpartners at mit.edu
>>>>> http://mailman.mit.edu/mailman/listinfo/macpartners
>>>>>
>>>
>>> --
>>> Matthew Walburn, RHCE
>>> Computer Systems Specialist
>>> MIT Department of Mathematics - x. 3-4995
>>>
>>> _______________________________________________
>>> Macpartners mailing list
>>> Macpartners at mit.edu
>>> http://mailman.mit.edu/mailman/listinfo/macpartners
>>
>> _______________________________________________
>> Macpartners mailing list
>> Macpartners at mit.edu
>> http://mailman.mit.edu/mailman/listinfo/macpartners
>>
>
> --
> Matthew Walburn, RHCE
> Computer Systems Specialist
> MIT Department of Mathematics - x. 3-4995
>
> _______________________________________________
> Macpartners mailing list
> Macpartners at mit.edu
> http://mailman.mit.edu/mailman/listinfo/macpartners



More information about the Macpartners mailing list