Untrusted Kerberos Certificate In Keychain?

Hi, I have an untrusted com.apple.kerberos.kdc certificate in my System Keychain, along with both a private and public key.
The reason I post my question in Getting online and Networking, is because I am a simple home user who connects to my ISP via DSL modem.
However, I do know kerberos is for networking or whatever, so I was just wondering if someone could enlighten me as to why they are there, if they need be there, etc.....
I can provide any additional info as needed. Thanks, and I just want to make sure that everything on my system is running smoothly so I really appreciate any Helpful information/responses so that my query may be Solved! Thanks again.

Ok, well, just to clarify, I'm not in the States right now where I normally reside and I happen to have taken my computer in for care at an authorized dealership here.
After they replaced my Optical Drive, they needed to reinstall.... I had provided my CDs--which I am without a doubt certain worked before I handed them in as required by their service terms--but was later informed that the new Optical Drive that had been installed could not read them for some reason or another(the CDs would mount, but show no contents within the Finder window). If I were in the US, I would have called apple since I am still under warranty and seen if they could be replaced, which I have done with a past G$ powerbook with no prob at all. But since they couldn't provide that service, they simply installed leopard on my comp for me off their Install CDs.... As a result, I am left wondering if maybe they used an Install Disc which was intended for another computer or was perhaps not appropriately specified for my comp.
So, basically, if there is a problem at all, and say those untrusted certificates shed any light on any improper installation or whatever, then I would like to know so I can address and rectify the issue before I leave.
Ok, thanks for your time and hopefully, someone will be able to shed some light on this. Even if it means just checking to see if the same two untrusted certificates are present in their keychain app as well.
since it doesn't seem like I'm getting any feedback as is, would any willing people mind checking there system keychain within keychain access to see if a similar situation exists?
Basically, I just want to know if it's harmless then I'll leave it as is.... If anyone can confirm the same situation in their Keychain Access, then I would be much relieved.

Similar Messages

  • Problem with HTTPS requests to host with untrusted server certificate

    Hi,
    I develop an iPhone framework which sends HTTPS requests in order to communicate with a publicly available backend server. Currently I have a big problem regarding untrusted server certificates.
    The certificate of the backend server is not signed by a trusted CA, so my first approach was to use NSURLRequest's private allowsAnyHTTPSCertificateForHost. While this worked as expected an was fine as temporary workaround, our customer demands a clean solution as final result. Therefore I wrote a method which allows to install a provided certificate from the file system in the keychain, but this method does not work as expected in the iPhone Simulator. The certificate is installed in the host machine's Mac OS X keychain instead. Unfortunately, if I call NSURLConnection's sendSynchronousRequest method, I retrieve an "untrusted server certificate" error. It seems as if NSURLConnection is not able to access the host's Mac OS X keychain to retrieve the certificate.
    Is my guess correct or did I miss something?
    Would my approach work if I ran my app on a real iPhone device instead (I do not have one available yet)?
    Does there exist a keychain in the iPhone Simulator at all?
    Is it at all possible to send HTTPS requests to a server with an untrusted certificate on the iPhone Simulator or do I have to use precompiler directives to implement different routines depending on the underlying platform (simulator or device, respectively)?
    Any help is highly appreciated.
    Thanks,
    Matthias

    Indeed this would be a clean and simple solution. But our customer is not willing to get a real certificate, for whatever reasons.
    The question that remains is if the HTTPS requests would succeed on the iPhone device itself if the server certificate was installed in the keychain by the same app beforehand.

  • Error: Untrusted Server Certificate

    When i click on Query Interfaces (IPS Manager: Configuration > Settings > Interfaces) i get the following error:
    An error occurred trying to get the interface information. An error occurred while trying to determine the sensor version. Detail = Error occurred while communicating with 172.17.xx.xx: java.security.cert.CertificateException: Untrusted Server Certificate Chain
    Any suggestion?
    Thank you,

        That is a pretty strange message. Have you had a chance to reach out to Windows Live?
    TamaraH_VZW
    Follow us on Twitter @VZWSupport

  • Untrusted Server Certificate Chain error

    I am trying to use a certificate (digital signature) on the client, when accessing a Webservice. This fails with the following error :
    javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted Server Certificate Chain
    My code is :
    KeyStore ks = null;
    String strURL = "https://myserver.com/myurl/lookup.asmx";
    SSLSocketFactory sslSocketFactory = null;
    System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    // Load certificate dynamically
    SSLContext sslContext = SSLContext.getInstance("SSLv3");
    TrustManagerFactory trustMgtFactory = TrustManagerFactory.getInstance("SunX509");
    CertificateFactory cert = CertificateFactory.getInstance("X.509");
    FileInputStream lo_fileinputstream = null;
    lo_fileinputstream = new FileInputStream("c:\\temp\\digital.cer");
    X509Certificate servercacert = (X509Certificate)cert.generateCertificate(lo_fileinputstream);
    lo_fileinputstream.close();
    String s1 = servercacert.getSerialNumber().toString();
    if(ks == null)
    ks = KeyStore.getInstance("JKS");
    ks.load(null, null);
    ks.setCertificateEntry(s1, servercacert);
    trustMgtFactory.init(ks);
    sslContext.init(null, trustMgtFactory.getTrustManagers(), null);
    sslSocketFactory = sslContext.getSocketFactory();
    HttpsURLConnection.setDefaultSSLSocketFactory(sslSocketFactory);
    // Call webservice
    URL cascadeURL = new URL(strURL);
    HttpsURLConnection conn = (HttpsURLConnection) cascadeURL.openConnection();
    String inputline=null;
    if (conn instanceof HttpsURLConnection) {
    conn.connect();
    BufferedReader in = new BufferedReader(
    new InputStreamReader(
    conn.getInputStream()));
    while ((inputline = in.readLine()) != null) {
    System.out.println(inputline);
    in.close();
    Please help - I am on a very tight deadline (as usual).

    Found the problem. I simply needed to add another certificate.

  • Trying to delete wifi certificate in Keychain Access; continually crashes

    Every time I try to delete my wifi certificate in Keychain Access, it continually crashes.  Tried it in safe mode, still crashes. I cannot get my Airport extreme 5th gen to pass along an IP address to my Mac even though mac is connected to AE (seen via Network Utility). Thought that deleting keychain password would help.
    OSX 10.10.1
    retina Macbook Pro 13

    Launch the Console application in any of the following ways:
    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
    ☞ Open LaunchPad. Click Utilities, then Console in the icon grid.
    Step 1
    For this step, the title of the Console window should be All Messages. If it isn't, select
              SYSTEM LOG QUERIES ▹ All Messages
    from the log list on the left. If you don't see that list, select
              View ▹ Show Log List
    from the menu bar at the top of the screen.
    In the top right corner of the Console window, there's a search box labeled Filter. Initially the words "String Matching" are shown in that box. Enter the name of the crashed application or process. For example, if Safari crashed, you would enter "Safari" (without the quotes.)
    Each message in the log begins with the date and time when it was entered. Select the messages from the time of the last crash, if any. Copy them to the Clipboard by pressing the key combination command-C. Paste into a reply to this message by pressing command-V.
    ☞ The log contains a vast amount of information, almost all of which is irrelevant to solving any particular problem. When posting a log extract, be selective. A few dozen lines are almost always more than enough.
    Please don't indiscriminately dump thousands of lines from the log into this discussion.
    Please don't post screenshots of log messages—post the text.
    ☞ Some private information, such as your name, may appear in the log. Anonymize before posting.
    Step 2
    In the Console window, select
              DIAGNOSTIC AND USAGE INFORMATION ▹ User Diagnostic Reports
    (not Diagnostic and Usage Messages) from the log list on the left. There is a disclosure triangle to the left of the list item. If the triangle is pointing to the right, click it so that it points down. You'll see a list of crash reports. The name of each report starts with the name of the process, and ends with ".crash". Select the most recent report related to the process in question. The contents of the report will appear on the right. Use copy and paste to post the entire contents—the text, not a screenshot.
    I know the report is long, maybe several hundred lines. Please post all of it anyway.
    If you don't see any reports listed, but you know there was a crash, you may have chosen Diagnostic and Usage Messages from the log list. Choose DIAGNOSTIC AND USAGE INFORMATION instead.
    In the interest of privacy, I suggest that, before posting, you edit out the “Anonymous UUID,” a long string of letters, numbers, and dashes in the header of the report, if it’s present (it may not be.)
    Please don’t post other kinds of diagnostic report—they're very long and rarely helpful.

  • OS X 10.6.x Clients and Kerberos Certificates

    Howdy!
    Last week I wrote the OS X client management list regarding a problem I was having with Kerberos
    certificates not being received from a Windows DC on OS X 10.6.x clients. I
    later determined that the Kerberos Certificate does get received upon the
    second sequential login for ever user (user logs in, no cert, user logs off,
    logs in again, cert is in ticket viewer).
    I didn't think this would be a problem until I was moving forward with
    deployments and configuration options. We would like to have mobility
    enabled to sync their local Documents/Settings with their remote network
    home folders. Additionally, they would like their network home folder icon
    to appear in their dock.
    This obviously becomes a problem during their initial login where it cannot
    resolve their network home folder because the client isn't receiving the
    Kerberos certificate upon the first login, and therefore cannot use SSO to
    mount the network home folder (so the OS X client just throws an error
    "cannot access /Users/<username>" at the login window and doesn't allow them
    to log in).
    Does anyone have any ideas why it's taking two sequential logins to receive
    the Kerberos Certificate from the Windows DC?
    Thanks for any information you have!

    My Mac Book Pro (early 2008, Santa Rosa) recently developed the same problem.
    Shortly after the upgrade to 10.6.3 the note book began to heat up unusually high (and occasionally even uncomfortable levels) especially on the left side (over the left speaker grill), even at little or no load.
    Before the left side would get warm under heavy load but nothing like this; while the strip above the keyboard would get very hot. Curiously the temperature of the top strip seems unaffected.
    I have rebooted my notebook several times and even turned it off for an extended period but this has had no effect.
    My battery life seems a fair bit shorter too, but this I can't say for certain as I don't usually keep track of how long I keep it unplugged, that all said my battery has always behaved a bit odd so it probably doesn't mean much anyway.

  • Untrusted root certificates?

    So I was browsing my computer today (checking out another problem I'm not so concerned about) and I noticed something. In my Keychain, under "System", I have 2 certificates listed as "This root certificate is not trusted". Both have names starting with com.apple, so I'm less worried, but I'm wondering if other people have these on their systems and if they're normal. I don't know what these things do, so I haven't touched them, and I'm not going to post the full names in case it publishes a possible vulnerability in my computer.

    Are you sure you have Passwords selected on the left?
    Also... this is from the Safari Help Viewer for Root Certificates
    When you go to a secure webpage—for instance, to do online banking—Safari checks the site’s certificate and compares it with certificates that are known to be legitimate. If Safari doesn’t recognize the website’s certificate, or if the site doesn’t have one, Safari will let you know.
    For more detailed information on how Safari works with certificates, see this topic:
    Certificates and secure websites
    How to respond to a certificate warning:
    Click Show Certificate, and inspect the certificate for suspicious information.
    Look for a message that says, “This certificate was signed by an untrusted issuer.” If you see this message, click Cancel, and do not go to the website.
    Click the triangle next to the word “Details.” Check to make sure that the name and organization sections match those of the person or organization that owns the website. If anything looks unusual or is not what you expect, click Cancel, and do not go to the website.
    If you continue to the website, double-check the address in Safari’s toolbar to confirm that it is the correct address for the page you want to visit. The address should begin with “https://,” and the name of the website should be spelled correctly. Sometimes fraudulent websites masquerade as trusted websites by changing one or two letters of the trusted website’s address.
    Contact the administrator of the website, explaining the problem and requesting more information.
    If you continue, the certificate will be stored on your computer, and this warning won’t be displayed again for this website until you quit and restart Safari. If you like, you can remove the certificate later using Keychain Access. For instructions, open Keychain Access and choose Help > Keychain Access Help.
    Carolyn

  • Valid email certificate in Keychain - How to use it sending messages?

    After asking a free Personal E-mail Certificate by thawte.com, I was enabled to dowload a file which automagically added my personal certificate in my Keychain. Wow.. nice.. and now?
    How to add this certificate in the headers of my messages?
    Btw, during the thawte subscription, the form asked for my browser and mail program.
    In the options, nothing about Apple. I wrote them giving my preferences: Safari and Mail.
    They replied me:
    -- begin --
    When requesting the certificate, please use the option:
    Mozilla Firefox/Thunderbird, Netscape Communicator/Messenger
    and it will work with your Apple set up.
    -- end --
    Any idea on how to proceed?

    Solved
    I just had to restart Mail, and the sign was there :-))
    Hope this helps someone.

  • "Unknown" Certificate in Keychain

    I've found a certificate with the name of "Unknown" in my Login keychain. It doesn't have an expiration date, just "???". Keychain says it's unable to display the certificate. Also, "The data does not appear to be a valid certificate." Has anyone else encountered this? Any idea what this is, and if I should delete it? It seems odd to me. I haven't imported any certificates myself lately.

    Me too and mine is an empty keychain (no objects are listed). When I click Delete Keychain "unknown" from the File menu, I get a panel that asks whether I want to 'Delete References & Files' or 'Delete References' only. But there's no way to see what these references or files are. Can i safely delete this and which deletion option should i choose?
    Al

  • Certificates in Keychain...

    I need to know what the following are and what they are for:
    DoD Root CA 2
    DOD EMAIL CA-24

    Hi S,
    They are security certificates. They authenticate a website when you go to it. DoD stands for Dept. of Defense. I have noticed them in keychains on my Macs before.

  • Adding Certificates to Keychain

    I have been attempting to add a few DoD certificates to my keychain per online instructions to enable me to use my smart card on my personal computer. However, every time I navigate to the Library folder while trying to add the certificates, I receive this error and Keychain closes itself:
    Error: *** -[__NSArrayM objectAtIndex:]: index 5 beyond bounds [0 .. 4]
    -2011 MacBook Pro, OS X Mavericks 10.9

    I wanted to reply to this question myself because I figured it out and I wanted to share the fix. Fortunately I had a "cloned" copy of my hard drive with a working set of certificates on it, so I replaced the newer certificates which were created when I reset the keychains with the older (working) certificates from the cloned hard drive. There are three locations in which the certificates had to be replaced. (1) User>Library>Keychain>(replaced the newer certificates in this location with the older working certificates) (2) Hard Drive>Library>Keychains>(replaced the newer certificates in this location with the older working certificates) (3) Hard Drive>System>Library>Keychains>(replaced the newer certificates in this location with the older working certificates). This needs to be done at the "administrative" level and you will need the administrative password when asked to authenticate.

  • Deleting certificates in Keychain Access???

    I noticed in my Keychain Acess that I have a slew of certificates which (1) I'm not sure what their purpose really serves and (2) there's a ton of them with names I don't recognize and draws my suspicion.
    What purpose do these certificates serve and what would happen if I deleted them?
    And just to clarify: I'm not talking about my passwords, etc. in Keychain Access. I'm specifically referring to Certificates which I find by clicking on: System Roots and Certificates.
    Thanks for any help.

    If you delete a certificate, the source that gave you the certificate will just offer another one when you authenticate. Certificates are just a way for encrypted connections to establish identity between a client and server. The server will digitally sign a certificate that contains a public key as well as some personal information that's used by the service you're connecting to. Certificates are provided by the service, and can have expiration dates and such.
    Cookies are similar in ways, but they arent as versatile and secure. They're generally used to let your browser keep track of when you last visited a site, perhaps contain a password for the site, and other user settings for a site. Certificates are mainly used for authorizing access to a service.

  • Invisible certificate in keychain

    I need to add a new root certificate to the keychain. Probably I did something wrong in the first try. But now the situation is such that the keychain program claims the certificate being already in the keychain, but displaying all certificates does not show any. This means that I can't delete the certificate to be able to add it again. So I'm stuck. Any suggestions?
    MacBook   Mac OS X (10.4.9)  

    I need to add a new root certificate to the keychain.
    Probably I did something wrong in the first try. But
    now the situation is such that the keychain program
    claims the certificate being already in the keychain,
    but displaying all certificates does not show any.
    It turned out that I did not display the X509Anchors keychain and thus missed the entry. However, there is still a problem with a certificate, which I shall post seperately.
    MacBook   Mac OS X (10.4.9)  

  • PKI, certificate and keychain.app experts needed!

    Hi all!
    I have the following problem. To verify e-mails signed (qualified in the sense of german signature-laws) the highest german CA-certificate is needed. So I imported this CA-Root-Cerificate into the x.509 keychain in keychain.app. There it is 1) not recognized as a CA-Root-Certificate and 2) it can't be verified.
    Some research discovered that the main difference between this cert and all the other pre-intsalled certs is that it uses the RIPEMD-160 hash-algorithm and not SHA1.
    My question is: Can anybody confirm that RIPEMD-160 is not supported in Mac OS X or does anbody have an idea what is going wrong.
    If anybody needs the german root-ca-cert I can e-mail it!
    Thanks for any help in advance!
    Tom
      Mac OS X (10.4.8)  

    The following are up to date and seem to be connected to the keyboard buffer in some way:  (I had airdisplay, but that is no longer on the drive - I think ML kicked it off the disk when I installed ML).
    TextExpander
    Keyboard Maestro
    Clipboard History
    I've closed them down.  The problem continues.
    I also use Path Finder in which the sticky problem occurs.  If I force quit it once the problem begins, that fixes it, but if I then try dragging in just Finder, the problem returns.  So it's both in Finder and Path Finder that the issue occurs.  I've even relaunched Finder, but that doesn't fix the problem when it has begun.  I also discovered that any kind of drag causes the problem now - every time.  For example, in some app that displayed a table, if I try widening a column by draging the column heading left or right, then the widening/shrinking continues when I let go of the left mouse hold and then just move the mouse, even if it's off the app's window.

  • Valid Cisco VPN certificate in keychain is not found by setup

    My fellow MBP fans!
    Has anyone successfully configured a MBP with 10.6.8 to connect to a Cisco VPN router using the built VPN Client, with certificate authentication? Please how, please!
    The company I work for has recently installed a Cisco RV016 router, to allow us to connect remotely over a VPN connection.
    Setting up this connection has proved so far a total nightmare.
    The router exported a certificate. This I imported into the keychain and placed it in the system folder. The certificate seems to be trusted.
    When setting up the network interfaces in the System preferences, I can add a Cisco IPsec interface. It accepts the IP address of the router, the userid and the password. It then asks for the authentication method. When opting for certificate, you can then browse the certificates installed to pick the right one. However, the facility does not find any certificates, ie the installed certificate is not found.
    Either the certificate is in the wrong place, or in the wrong format, or just plain wrong. The certificate I am trying to use is in .pem format.
    This is what I tried so far, but failed to make any progress.
    - place the certificate in several locations
    - convert the .pem certificate to pk12 or pk7 format, after converting it with openssl
    - reset the router and request a new certificate
    The same credentials work fine on a Windows machine.
    Solving this would mean a lot.

    The legacy VPN-client is not supported under Windows 8.1 and as the client is EOL anounced, it probably will never be supported. You have a couple of options:
    There are some reports on the internet where some people got it working. If you go that way you are still running an unsupported scenario.
    Go the Cisco-way and change to AnyConnect. For that your VPN-gateway needs a nearly complete new VPN-config. But in the long term, that's the way to go.
    Use an alternate client like the one from shrew-soft: https://www.shrew.net/software
    Don't stop after you've improved your network! Improve the world by lending money to the working poor:
    http://www.kiva.org/invitedby/karsteni

Maybe you are looking for