ICloud caldav server root certificate no longer trusted os x 10.10 yosemite

Similar Messages

• My System root certificate is not trusted and I cannot open Preferences with my Administrator password.

  My computer was hacked three days ago and malware installed. After consultation with Apple Support I reinstalled the OS and all seemed to be well. Today I tried to set some Preferences but my Admin password wouldn't work. I tried to reset it using my Apple ID, to no avail. Checking in Keychain Access I found that under System, my Certificate contains a message: 'This root certificate is not trusted'.

  DO NOT install "Avast." I asked about it as a possible cause of the problem, not as a solution.
  1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
  The test works on OS X 10.7 ("Lion") and later. I don't recommend running it on older versions of OS X. It will do no harm, but it won't do much good either.
  Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
  2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
  There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
  3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can act on it yourself without disclosing the contents to me or anyone else.
  You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.
  In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.
  You may not be able to understand the script yourself. But variations of it have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message. See, for example, this discussion.
  Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.
  4. Here's a summary of what you need to do, if you choose to proceed:
  ☞ Copy a line of text in this window to the Clipboard.
  ☞ Paste into the window of another application.
  ☞ Wait for the test to run. It usually takes a few minutes.
  ☞ Paste the results, which will have been copied automatically, back into a reply on this page.
  The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
  5. Try to test under conditions that reproduce the problem, as far as possible. For example, if the computer is sometimes, but not always, slow, run the test during a slowdown.
  You may have started up in "safe" mode. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
  6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
  7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
  Triple-click anywhere in the line of text below on this page to select it:
  PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(1309 ' 0.5 0.25 50 1000 15 5120 1000 25000 6 6 5 1 0 100 ' 51 25600 4 10 25 5120 102400 1000 25 1536 500 40 500 300 85 25 20480 262144 20 2000 524288 604800 5 1024 25 50 );k=({Soft,Hard}ware Memory Diagnostics Power FireWire Thunderbolt USB Bluetooth SerialATA Extensions Applications Frameworks PrefPane Fonts Displays PCI UniversalAccess InstallHistory ConfigurationProfile AirPort 'com\.apple\.' -\\t N\\/A 'AES|atr|udit|msa|dnse|ax|ensh|fami|FileS|fing|ft[pw]|gedC|kdu|etS|is\.|alk|ODSA|otp|htt|pace|pcas|ps-lp|rexe|rlo|rsh|smb|snm|teln|upd-[aw]|uuc|vix|webf' OSBundle{Require,AllowUserLoa}d 'Mb/s:Mb/s:ms/s:KiB/s:%:total:MB:total:lifetime:sampled:per sec' 'Net in:Net out:I/O wait time:I/O requests:CPU usage:Open files:Memory:Mach ports:Energy:Energy:File opens:Forks:Failed forks:System errors' 'tsA|[ST]M[HL]' PlistBuddy{,' 2>&1'}' -c Print' 'Info\.plist' CFBundleIdentifier );f=('\n%s'{': ','\n\n'}'%s\n' '\nRAM details\n%s\n' %s{' ','\n'{"${k[22]}",}}'%s\n' '%.1f GiB: %s\n' '\n    ...and %d more line(s)\n' '\nContents of %s\n    '"${k[22]}"'mod date: %s\n    '"${k[22]}"'size (B): %d\n    '"${k[22]}"'checksum: %d\n%s\n' );c=(879294308 4071182229 461455494 216630318 3627668074 1083382502 1274181950 1855907737 2758863019 1848501757 464843899 2636415542 3694147963 1233118628 2456546649 2806998573 2778718105 842973933 1383871077 1591517921 676087606 1445213025 2051385900 3301885676 891055588 998894468 695903914 1443423563 4136085286 3374894509 1051159591 892310726 1707497389 523110921 2883943871 3873345487 );s=(' s/[0-9A-Za-z._]+@[0-9A-Za-z.]+\.[0-9A-Za-z]{2,4}/EMAIL/g;/faceb/s/(at\.)[^.]+/\1NAME/g;/\/Shared/!s/(\/Users\/)[^ /]+/\1USER/g;s/[-0-9A-Fa-f]{22,}/UUID/g;' ' s/^ +//;/de: S|[nst]:/p;' ' {sub(/^ +/,"")};/er:/;/y:/&&$2<'${p[4]} ' s/:$//;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: (E[^m]|[^EO])|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[9]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Genesy|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of|yc/!{ s/^.+is |\.//g;p;q;} ' ' BEGIN { FS="\f";if(system("A1 42 83 114")) d="^'"${k[21]}"'launch(d\.peruser\.[0-9]+|ctl\.(Aqua|Background|System))$";} { if($2~/[1-9]/) { $2="status: "$2;printf("'"${f[4]}"'",$1,$2);} else if(!d||$1!~d) print $1;} ' ' $1>1{$NF=$NF" x"$1} /\*/{if(!f)f="\n\t* Code injection"} {$1=""} 1;END{print f} ' ' NR==2&&$4<='${p[7]}'{print $4} ' ' BEGIN{FS=":"} ($1~"wir"&&$2>'${p[22]}') {printf("wired %.1f\n",$2/2^18)} ($1~/P.+ts/&&$2>'${p[19]}') {printf("paged %.1f\n",$2/2^18)} ' '/YLD/s/=/ /p' ' { q=$1;$1="";u=$NF;$NF="";gsub(/ +$/,"");print q"\f"$0"\f"u;} ' ' /^ {6}[^ ]/d;s/:$//;/([^ey]|[^n]e):/d;/e: Y/d;s/: Y.+//g;H;${ g;s/ \n (\n)/\1/g;s/\n +(M[^ ]+)[ -~]+/ (\1)/;s/\n$//;/( {8}[^ ].*){2,}/p;} ' 's:^:/:p;' ' !/, .+:/ { print;n++;} END{if(n<'{${p[12]},${p[13]}}')printf("^'"${k[21]}"'.+")} ' '|uniq' ' 1;END { print "/L.+/Scr.+/Templ.+\.app$";print "/L.+/Pri.+\.plugin$";if(NR<'{${p[14]},${p[21]}}') print "^/[Sp].+|'${k[21]}'";} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:.+//p;' '&&echo On' '/\.(bundle|component|framework|kext|mdimporter|plugin|qlgenerator|saver|wdgt|xpc)$/p' '/\.dylib$/p' ' /Temp|emac/{next};/(etc|Preferences|Launch[AD].+)\// { sub(".","");print $0"$";} END { split("'"${c[*]}"'",c);for(i in c) print "\t"c[i]"$";} ' ' /^\/(Ap|Dev|Inc|Prev)/d;/((iTu|ok).+dle|\.(component|mailbundle|mdimporter|plugin|qlgenerator|saver|wdgt|xpc))$/p;' ' BEGIN{ FS="= "} $2 { gsub(/[()"]/,"",$2);print $2;} !/:/&&!$2{print "'${k[23]}'"} ' ' /^\//!d;s/^.{5}//;s/ [^/]+\//: \//p;' '>&-||echo No' '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[2]}'{$2=$2-1;print}' ' BEGIN { M1='${p[16]}';M2='${p[18]}';M3='${p[8]}';M4='${p[3]}';} !/^A/{next};/%/ { getline;if($5<M1) o["CPU"]="CPU: user "$2"%, system "$4"%";next;} $2~/^disk/&&$4>M2 { o[$2]=$2": "$3" ops/s, "$4" blocks/s";next;} $2~/^(en[0-9]|bridg)/ { if(o[$2]) { e=$3+$4+$5+$6;if(e) o[$2]=o[$2]"; errors "e"/s";next;};if($4>M3||$6>M4) o[$2]=$2": in "int($4/1024)", out "int($6/1024)" (KiB/s)";} END { for(i in o) print o[i];} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|BKAg|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/)||(/v6:/&&$2!~/A/) ' ' BEGIN{FS=": "} /^ {10}O/ {exit} /^ {0,12}[^ ]/ {next} $1~"Ne"&&$2!~/^In/{print} $1~"Si" { if(a[2]) next;split($2,a," ");if(a[1]-a[4]<'${p[5]}') print;};$1~"T"&&$2<'${p[20]}'{print};$1~"Se"&&$2!~"2"{print};' ' BEGIN { FS="\f";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]$1;} ' ' BEGIN { split("'"${p[1]}"'",m);FS="\f";} $2<=m[$1]{next} $1==9||$1==10 { "ps -c -ouid -p"$4"|sed 1d"|getline $4;} $1<11 { o[$1]=o[$1]"\n    "$3" (UID "int($4)"): "$2;} $1==11&&$5!~"^/dev" { o[$1]=o[$1]"\n    "$3" (UID "$4") => "$5" (status "$6"): "$2;} $1==12&&$5 { "ps -c -ocomm -p"$5"|sed 1d"|getline n;if(n) $5=n;o[$1]=o[$1]"\n    "$5" => "$3" (UID "$4"): "$2;} $1~/1[34]/ { o[$1]=o[$1]"\n    "$3" (UID "$4", error "$5"): "$2;} END { n=split("'"${k[27]}"'",u,":");for(i=n+1;i<n+4;i++)u[i]=u[n];split("'"${k[28]}"'",l,":");for(i=1;i<15;i++) if(o[i])print "\n"l[i]" ("u[i]")\n"o[i];} ' ' /^ {8}[^ ]/{print} ' ' BEGIN { L='${p[17]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n    "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n    [N/A]";"cksum "F|getline C;split(C, A);C=A[1];"stat -f%Sm "F|getline D;"stat -f%z "F|getline S;"file -b "F|getline T;if(T~/^Apple b/) { f="";l=0;while("'"${k[30]}"' "F|getline g) { l++;if(l<=L) f=f"\n    "g;};};if(T!~/^(AS.+ (En.+ )?text(, with v.+)?$|(Bo|PO).+ sh.+ text ex|XM)/) F=F"\n    '"${k[22]}"'"T;printf("'"${f[8]}"'",F,D,S,C,f);if(l>L) printf("'"${f[7]}"'",l-L);} ' ' s/^ ?n...://p;s/^ ?p...:/-'$'\t''/p;' 's/0/Off/p' 's/^.{52}(.+) <.+/\1/p' ' /id: N|te: Y/{i++} END{print i} ' ' /kext:/ { split($0,a,":");p=a[1];k[S]='${k[25]}';k[U]='${k[26]}';v[S]="Safe";v[U]="true";for(i in k) { s=system("'"${k[30]}"'\\ :"k[i]" \""p"\"/*/I*|grep -qw "v[i]);if(!s) a[1]=a[1]" "i;};if(!a[2]) a[2]="'"${k[23]}"'";printf("'"${f[4]}"'",a[1],a[2]);next;} !/^ *$/ { p="'"${k[31]}"'\\ :'"${k[33]}"' \""$0"\"/*/'${k[32]}'";p|getline b;close(p);if(b~/ .+:/||!b) b="'"${k[23]}"'";printf("'"${f[4]}"'",$0,b);} ' '/ en/!s/\.//p' ' NR>=13 { gsub(/[^0-9]/,"",$1);print;} ' ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9|"sort|uniq";} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?'${k[32]}'$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' ' /l: /{ /DVD/d;s/.+: //;b0'$'\n'' };/s: /{ / [VY]/d;s/^ */- /;H;};$b0'$'\n'' d;:0'$'\n'' x;/APPLE [^:]+$/d;p;' '/^find: /!p;' ' /^p/{ s/.//g;x;s/\nu/'$'\f''/;s/(\n)c/\1'$'\f''/;s/\n\n//;p;};H;' ' BEGIN{FS="= "} /Path/{print $2} ' ' /^ *$/d;s/^ */    /;p;' ' s/^.+ |\(.+\)$//g;p;' '1;END{if(NR<'${p[15]}')printf("^/(S|usr/(X|li))")}' ' /2/{print "WARN"};/4/{print "CRITICAL"};' ' /EVHF|MACR|^s/d;s/^.+: //p;' ' $3~/^[1-9][0-9]{0,2}(\.[1-9][0-9]{0,2}){2}$/ { i++;n=n"\n"$1"\t"$3;} END{ if(i>1)print n} ' s/{'\.|jnl: ','P.+:'}'//;s/ +([0-9]+)(.+)/\2'$'\t\t''\1/p' ' /es: ./{ /iOS/d;s/^.+://;b0'$'\n'' };/^ +C.+ted: +[NY]/H;/:$/b0'$'\n'' d;:0'$'\n'' x;/: +N/d;s/://;s/\n.+//p;' ' 1d;/:$/b0'$'\n'' $b0'$'\n'' /(D|^ *Loc.+): /{ s/^.+: //;H;};/(B2|[my]): /H;d;:0'$'\n'' x;/[my]: [AM]|m: I.+p$|^\/Vo/d;s/(^|\n) [ -~]+//g;s/(.+)\n(.+)/\2:\1/;s/\n//g;/[ -~]/p;' 's/$/'$'\f''(0|-(4[34])?)$/p' '|sort'{'|uniq'{,\ -c},\ -nr} ' s/^/'{5,6,7,8,9,10}$'\f''/;s/ *'$'\f'' */'$'\f''/g;p;' 's/:.+$//p' '|wc -l' /{\\.{kext,xpc,'(appex|pluginkit)'}'\/(Contents\/)?'Info,'Launch[AD].+'}'\.plist$/p' 's/([-+.?])/\\\1/g;p' 's/, /\'$'\n/g;p' ' BEGIN{FS="\f"} { printf("'"${f[6]}"'",$1/2^30,$2);} ' ' /= D/&&$1!~/'{${k[24]},${k[29]}}'/ { getline d;if(d~"t") print $1;} ' ' BEGIN{FS="\t"} NR>1&&$NF!~/0x|\.([0-9]{3,}|[-0-9A-F]{36})$/ { print $NF"\f"a[split($(NF-1),a," ")];} ' '|tail -n'{${p[6]},${p[10]}} ' s/.+bus /Bus: /;s/,.+[(]/ /;s/,.+//p;' ' { $NF=$NF" Errors: "$1;$1="";} 1 ' ' 1s/^/\'$'\n''/;/^ +(([MNPRSV]|De|Li|Tu).+|Bus): .|d: Y/d;s/:$//;$d;p;' ' BEGIN { RS=",";FS=":";} $1~"name" { gsub(/["\\]/,"",$2);print $2;} ' '|grep -q e:/' '/[^ .]/p' '{ print $1}' ' /^ +N.+: [1-9]/ { i++;} END { if(i) print "system: "i;} ' ' NF { print "'{admin,user}' "$NF;exit;} ' ' /se.+ =/,/[\}]/!d;/[=\}]/!p ' ' 3,4d;/^ +D|Of|Fu| [0B]/d;s/^  |:$//g;$!H;${ x;/:/p;} ' ' BEGIN { FS=": ";} NR==1 { sub(":","");h="\n"$1"\n";} /:$/ { l=$1;next;} $1~"S"&&$2!~3 { getline;next;} /^ {6}I/ { i++;L[i]=l" "$2;} END { if(i) print h;for(j=0;j<'${p[24]}';j++) print L[i-j];} ' ' /./H;${ x;s/\n//;s/\n/, /g;/,/p;} ' ' {if(int($6)>'${p[25]}')printf("swap used %.1f\n",$6/1024)} ' ' BEGIN{FS="\""} $3~/ t/&&$2!~/'{${k[24]},${k[29]}}'/{print $2} ' ' int($1)>13 ' p ' BEGIN{FS="DB="} { sub(/\.db.*/,".db",$2);print $2;} ' {,1d\;}'/r%/,/^$/p' ' NR==1{next} NR>11||!$0{exit} {print $NF"\f"substr($0,1,32)"\f"$(NF-7)} ' '/e:/{print $2}' ' /^[(]/{ s/....//;s/$/:/;N;/: [)]$/d;s/\n.+ ([^ ]+).$/\1/;H;};${ g;p;} ' '1;END { exit "find /var/db/r*/'${k[21]}'*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom -mtime -'${p[23]}'s"|getline;} ' ' NR<='${p[26]}' { o=o"\n"$0;next;} { o="";exit;} END{print o|"sed 1d"} ' ' {o=o"\n"$0} NR==6{p=$1*$5} END{if(p>'${p[27]}'*10^6)print o|"sed 1d"} ' );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps crontab kextfind top pkgutil "${k[30]}\\" echo cksum kextstat launchctl smcDiagnose sysctl\ -n defaults\ read stat lsbom 'mdfind -onlyin' env pluginkit scutil 'dtrace -q -x aggsortrev -n' security sed\ -En awk 'dscl . -read' networksetup mdutil lsof test osascript\ -e netstat mdls route cat uname powermetrics codesign lockstat );c2=(${k[21]}loginwindow\ LoginHook ' /L*/P*/loginw*' "'tell app \"System Events\" to get properties of login items'" 'L*/Ca*/'${k[21]}'Saf*/E* -d 2 -name '${k[32]} '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' -i '-nl -print' '-F \$Sender -k Level Nle 3 -k Facility Req "'${k[21]}'('{'bird|.*i?clou','lsu|sha'}')"' "-f'%N: %l' Desktop {/,}L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message CRne '0xdc008012|(allow|call)ing|Goog|(mplet|nabl)ed|ry HD|safe b|succ|xpm' -k Message CReq 'bad |Can.t l|corru|dead|fail|GPU |hfs: Ru|inval|Limiti|v_c|NVDA[(]|pa(gin|us)|Purg(ed|in)| err|Refus|s ful|TCON|tim(ed? ?|ing )o|trig|WARN' " '-du -n DEV -n EDEV 1 10' 'acrx -o%cpu,comm,ruid' "' syscall::recvfrom:return {@a[execname,uid]=sum(arg0)} syscall::sendto:return {@b[execname,uid]=sum(arg0)} syscall::open*:entry {@c[execname,uid,copyinstr(arg0),errno]=count()} syscall::execve:return, syscall::posix_spawn:return {@d[execname,uid,ppid]=count()} syscall::fork:return, syscall::vfork:return, syscall::posix_spawn:return /arg0<0/ {@e[execname,uid,arg0]=count()} syscall:::return /errno!=0/ {@f[execname,uid,errno]=count()} io:::wait-start {self->t=timestamp} io:::wait-done /self->t/ { this->T=timestamp - self->t;@g[execname,uid]=sum(this->T);self->t=0;} io:::start {@h[execname,uid]=sum(args[0]->b_bcount)} tick-10sec { normalize(@a,2560000);normalize(@b,2560000);normalize(@c,10);normalize(@d,10);normalize(@e,10);normalize(@f,10);normalize(@g,10000000);normalize(@h,10240);printa(\"1\f%@d\f%s\f%d\n\",@a);printa(\"2\f%@d\f%s\f%d\n\",@b);printa(\"11\f%@d\f%s\f%d\f%s\f%d\n\",@c);printa(\"12\f%@d\f%s\f%d\f%d\n\",@d);printa(\"13\f%@d\f%s\f%d\f%d\n\",@e);printa(\"14\f%@d\f%s\f%d\f%d\n\",@f);printa(\"3\f%@d\f%s\f%d\n\",@g);printa(\"4\f%@d\f%s\f%d\n\",@h);exit(0);} '" '-f -pfc /var/db/r*/'${k[21]}'*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cght] ! -name .?\* ! -name \*ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f'$'\f''%Sc'$'\f''%N -t%F {} \;' '/S*/*/Ca*/*xpc*' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' /\ kMDItemContentTypeTree=${k[21]}{bundle,mach-o-dylib} :Label "/p*/e*/{auto*,{cron,fs}tab,hosts,{[lp],sy}*.conf,mach_i*/*,pam.d/*,ssh{,d}_config,*.local} {/p*,/usr/local}/e*/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t {/S*/,/,}L*/Lau*/*{,/*} .launchd.conf" list '-F "" -k Sender hidd -k Level Nle 3' /Library/Preferences/${k[21]}alf\ globalstate --proxy '-n get default' vm.swapusage --dns -get{dnsservers,info} dump-trust-settings\ {-s,-d,} '~ "kMDItemKind=Package"' '-R -ce -l1 -n5 -o'{'prt -stats prt','mem -stats mem'}',command,uid' -kl -l -s\ / '--regexp --files '${k[21]}'pkg.*' '+c0 -i4TCP:0-1023' ${k[21]}dashboard\ layer-gadgets '-d /L*/Mana*/$USER' '-app Safari WebKitDNSPrefetchingEnabled' '-Fcu +c0 -l' -m 'L*/{Con*/*/Data/L*/,}Pref* -type f -size 0c -name *.plist.???????' kern.memorystatus_vm_pressure_level '3>&1 >&- 2>&3' '-F \$Message -k Sender kernel -k Message CReq "'{'n Cause: -','(a und|I/O |gnment |jnl_io.+)err|disk.+abo','USBF:.+bus'}'"' -name\ kMDItem${k[33]} -T\ hfs '-n get default' -listnetworkserviceorder :${k[33]} :CFBundleDisplayName $EUID {'$TMPDIR../C ','/{S*/,}'}'L*/{,Co*/*/*/L*/}{Cache,Log}s -type f -size +'${p[11]}'M -exec stat -f%z'$'\f''%N {} \;' \ /v*/d*/*/*l*d{,.*.$UID}/* '-app Safari UserStyleSheetEnabled' 'L*/A*/Fi*/P*/*/a*.json' users/$USER\ HomeDirectory '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' ' -F "\$Time \$(Sender): \$Message" -k Sender Rne "launchd|nsurls" -k Level Nle 3 -k Facility R'{'ne "user|','eq "'}'console" -k Message CRne "[{}<>]|asser|commit - no t|deprec|done |ect pas|fmfd|Goog|ksho|ndum|obso|realp|rned f|/root|sandbox ex" ' getenv '/ "kMDItemDateAdded>=\$time.now(-'${p[23]}')&&kMDItem'${k[33]}'=*"' -m\ / '' ' -F "\$Time \$(RefProc): \$Message" -k Sender Req launchd -k Level Nle 3 -k Message Rne "asse|bug|File ex|hij|Ig|Jet|key is|lid t|Plea|ship" ' print{,-disabled}\ {system,{gui,user}/$UID} '-n1 --show-initial-usage --show-process-energy' -r ' -F "\$Message" -k Sender nsurlstoraged -k Time ge -1h -k Level Nle 4 -k Message Req "^(ER|IN)" ' '/A* -type d -name *.app -prune ! -user 0' -vv '-D1 -IPRWck -s5 sleep 1' );N1=${#c2[@]};for j in {0..20};do c2[N1+j]=SP${k[j]}DataType;done;l=({Restricted\ ,Lock,Pro}files POST Battery {Safari,App,{Bad,Loaded}\ kernel,Firefox}\ extensions System\ load boot\ args FileVault\ {2,1} {Kernel,System,Console,launchd}\ log SMC Login\ hook 'I/O per process' 'High file counts' UID {System,Login,Agent,User}\ services\ {load,disabl}ed {Admin,Root}\ access Font\ issues Firewall Proxies DNS TCP/IP Wi-Fi 'Elapsed time (sec)' {Root,User}\ crontab {Global,User}' login items' Spotlight Memory\ pressure Listeners Widgets Parental\ Controls Prefetching Nets Volumes {Continuity,I/O,iCloud,HID,HCI}\ errors {User,System}\ caches/logs XPC\ cache Startup\ items Shutdown\ codes Heat Diagnostic\ reports Bad\ {plist,cache}s 'VM (GiB)' Bundles{,' (new)'} Trust\ settings Activity Free\ space Stylesheet Library\ paths{,' ('{shell,launchd}\)} Data\ packages Modifications );N3=${#l[@]};for i in {0..8};do l[N3+i]=${k[5+i]};done;F() { local x="${s[$1]}";[[ "$x" =~ ^([\&\|\<\>]|$) ]]&&{ printf "$x";return;};:|${c1[30]} "$x" 2>&-;printf "%s \'%s\'" "|${c1[30+$?]}" "$x";};A0() { Q=6;v[2]=1;id -G|grep -qw 80;v[1]=$?;((v[1]))||{ Q=7;sudo -v;v[2]=$?;((v[2]))||Q=8;};v[3]=`date +%s`;date '+Start time: %T %D%n';printf '\n[Process started]\n\n'>&4;printf 'Revision: %s\n\n' ${p[0]};};A1() { local c="${c1[$1]} ${c2[$2]}";shift 2;c="$c ` while [[ "$1" ]];do F $1;shift;done`";((P2))&&{ c="sudo $c";P2=;};v=`eval "$c"`;[[ "$v" ]];};A2() { local c="${c1[$1]}";[[ "$c" =~ ^(awk|sed ) ]]&&c="$c '${s[$2]}'"||c="$c ${c2[$2]}";shift 2;local d=` while [[ "$1" ]];do F $1;shift;done`;((P2))&&{ c="sudo $c";P2=;};local a;v=` while read a;do eval "$c '$a' $d";done<<<"$v";`;[[ "$v" ]];};A3(){ v=$((`date +%s`-v[3]));};export -f A1 A2 F;B1() { v=No;! ((v[1]))&&{ v=;P1=1;};};eval "`type -a B1|sed '1d;s/1/2/'`";B3(){ v[$1]="$v";};B4() { local i=$1;local j=$2;shift 2;local c="cat` while [[ "$1" ]];do F $1;shift;done`";v[j]=`eval "{ $c;}"<<<"${v[i]}"`;};B5(){ v="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d$'\e' <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F$'\e' ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`egrep -v "${v[$1]}"<<<"$v"|sort`;};eval "`type -a B7|sed '1d;s/7/8/;s/-v //'`";C0() { [[ "$v" ]]&&sed -E "$s"<<<"$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v"|sed -E "$s";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { B4 0 0 63&&C1 1 $1;};C4() { echo $'\t'"Part $((++P)) of $Q done at $((`date +%s`-v[3])) sec">&4;};C5() { sudo -k;pbcopy<<<"$o";printf '\n\tThe test results are on the Clipboard.\n\n\tPlease close this window.\n';exit 2>&-;};for i in 1 2;do eval D$((i-1))'() { A'$i' $@;C0;};';for j in 2 3;do eval D$((i+2*j-3))'() { local x=$1;shift;A'$i' $@;C'$j' $x;};';done;done;trap C5 2;o=$({ A0;D0 0 N1+1 2;D0 0 $N1 1;B1;C2 31;B1&&! B2&&C2 32;D2 22 15 63;D0 0 N1+2 3;D0 0 N1+15 17;D4 3 0 N1+3 4;D4 4 0 N1+4 5;D4 N3+4 0 N1+9 59;D0 0 N1+16 99;for i in 0 1 2;do D4 N3+i 0 N1+5+i 6;done;D4 N3+3 0 N1+8 71;D4 62 1 10 7;D4 10 1 11 8;B2&&D4 18 19 53 67;D2 11 2 12 9;D2 12 3 13 10;D2 13 32 70 101 25;D2 71 6 76 13;D2 45 20 52 66;A1 7 77 14;B3 28;A1 20 31 111;B6 0 28 5;B4 0 0 110;C2 66;B2&&D0 45 90 124;D4 70 8 15 38;D0 9 16 16 77 45;C4;B2&&D0 35 49 61 75 76 78 45;B2&&{ D0 28 17 45;C4;};B2&&{ A1 43 85 117;B3 29;B4 0 0 119 76 81 45;C0;B4 29 0 118 119 76 82 45;C0;    };D0 12 40 54 16 79 45;D0 12 39 54 16 80 45;D4 74 25 77 15&&{ B4 0 8 103;B4 8 0;A2 18 74;B6 8 0 3;C3 75;};B2&&D4 19 21 0;B2&&D4 40 10 42;D2 2 0 N1+19 46 84;D2 44 34 43 53;D2 59 22 20 32;D2 33 0 N1+14 51;for i in {0..2};do A1 29 35+i 104+i;B3 25+i;done;B6 25 27 5;B6 0 26 5;B4 0 0 110;C2 69;D2 34 21 28 35;D4 35 27 29 36;A1 40 59 120;B3 18;A1 33 60 121;B8 18;B4 0 19 83;A1 27 32 39&&{ B3 20;B4 19 0;A2 33 33 40;B3 21;B6 20 21 3;};C2 36;D4 50 38 5 68;B4 19 0;D5 37 33 34 42;B2&&D4 46 35 45 55;D4 38 0 N1+20 43;B2&&D4 58 4 65 76 91;D4 63 4 19 44 75 95 12;B1&&{ D4 53 5 55 75 69&&D4 51 6 58 31;D4 56 5 56 97 75 98&&D0 0 N1+7 99;D2 55 5 27 84;D4 61 5 54 75 70;D4 14 5 14 96;D4 15 5 72 96;D4 17 5 78 96;C4;};D4 16 5 73 96;A1 13 44 74 18;C4;B3 4;B4 4 0 85;A2 14 61 89;B4 0 5 19 102;A1 17 41 50;B7 5;C3 8;B4 4 0 88;A2 14 24 89;C4;B4 0 6 19 102;B4 4 0 86;A2 14 61 89;B4 0 7 19 102;B5 6 7;B4 0 11 73 102;A1 42 86 114;j=$?;for i in 0 1 2;do ((i==2&&j==1))&&break;((! j))||((i))||B2&&A1 18 $((79+i-(i+53)*j)) 107+8*j 94 74||continue;B7 11;B4 0 0 11;C3 $((23+i*(1+i+2*j)));D4 $((24+i*(1+i+2*j))) 18-4*j 82+i-16*j $((112+((3-i)*i-40*j)/2));done;D4 60 4 21 24;D4 42 14 1 62;D4 43 37 2 90 48;D4 41 10 42;D2 48 36 47 25;A1 4 3 60&&{ B3 9;A2 14 61;B4 0 10 21;B4 9 0;A2 14 62;B4 0 0 21;B6 0 10 4;C3 5;};D4 9 41 69 100;D2 72 21 68 35;D2 49 21 48 49;B4 4 22 57 102;A1 21 46 56 74;B7 22;B4 0 0 58;C3 47;D4 54 5 7 75 76 69;D4 52 5 8 75 76 69;D4 57 4 64 76 91;D2 0 4 4 84;D2 1 4 51 84;D4 21 22 9 37;D0 0 N1+17 108;D4 76 24 38;A1 23 18 28 89;B4 0 16 22 102;A1 16 25 33;B7 16;B4 0 0 34;D1 31 47;D4 64 4 71 41;D4 65 5 87 116 74;C4;B4 4 12 26 89 23 102;for i in {0..3};do A1 0 N1+10+i 72 74;B7 12;B4 0 0 52;C3 N3+5+i;((i))||C4;done;A1 24 22 29;B7 12;B3 14;A2 39 57 30;B6 14 0 4;C3 67;A1 24 75 74;B4 1 1 122||B7 12;B4 0 0 123;B3 23;A2 39 57 30;B6 23 0 4;C3 68;B4 4 13 27 89 65;A1 24 23;B7 13;C3 73;B4 4 0 87;A2 14 61 89 20;B4 0 17;A1 26 50 64;B7 17;C3 6;A1 4 88;D5 77 44 89;D4 7 11 6;D0 0 N1+18 109;A3;C2 39;C4;} 4>&2 2>/dev/null;);C5
  Copy the selected text to the Clipboard by pressing the key combination command-C.
  8. Launch the built-in Terminal application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad and start typing the name.
  Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
  9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter
  exec bash
  and press return. Then paste the script again.
  10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. If you don't know the password, or if you prefer not to enter it, just press return three times at the password prompt. Again, the script will still run.
  If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
  11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, a series of lines will appear in the Terminal window like this:
  [Process started]
          Part 1 of 8 done at … sec
          Part 8 of 8 done at … sec
          The test results are on the Clipboard.
          Please close this window.
  [Process completed]
  The intervals between parts won't be exactly equal, but they give a rough indication of progress. The total number of parts may be different from what's shown here.
  Wait for the final message "Process completed" to appear. If you don't see it within about ten minutes, the test probably won't complete in a reasonable time. In that case, press the key combination control-C or command-period to stop it and go to the next step. You'll have incomplete results, but still something.
  12. When the test is complete, or if you stopped it because it was taking too long, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
  At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
  If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
  13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.
  14. This is a public forum, and others may give you advice based on the results of the test. They speak for themselves, not for me. The test itself is harmless, but whatever else you're told to do may not be. For others who choose to run it, I don't recommend that you post the test results on this website unless I asked you to.
  Copyright © 2014, 2015 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

• Root certificate is not trusted

  Hi!
  I have installed the internatlly signed certificates according to steps in the Oracle documentation, however, I still ge the error that "This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store".
  Below is the error I receive when starting UCM server:
  <27-Dec-2011 13:39:18 o'clock CET> <Notice> <Security> <BEA-090898> <Ignoring th
  e trusted CA certificate "CN=VeriSign Universal Root Certification Authority,OU=
  (c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=V
  eriSign\, Inc.,C=US". The loading of the trusted certificate list raised a certi
  ficate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object
  : 1.2.840.113549.1.1.11.>
  I get this error when I click on the certificate in the browser. Below are the steps I performed. Can anyone help me understand, perhaps, I import my certificates incorrectly?
  1. I've created a custom keystore using the following command:
  keytool -genkey -alias mykey -keyalg RSA -keysize 2048 -dname “CN=<domain name like test.com etc>, OU=<unite like Customer Support etc>, O=<your organization>, L=<your location>, ST=<state>, C=<country code like US>” -keystore identity.jks
  2. Next, I generated a certificate sign-in request using this command:
  keytool -certreq -alias mykey -file cert.csr -keystore identity.jks
  3. After I received three certificates signed in by our internatl authority, main, intermediate, root. I imported each one of them.
  4. I inserted those one by one into my custom store generated during step1 first. I used the following command for each certificate:
  keytool -import -trustcacerts -keystore mystore.jks -storepass password -alias Root -import -file Trustedcaroot.txt
  5.I also inserted all three into JAVA_HOME cacerts file, located on C:/Program Files/Java/jrockit.../jre/lib/security/cacerts using the same command as in step 4.
  Next, I configured UCM_server 1 KEYSTORE to use Custom Identity and Java Trust. and pointed Custom Identity to my custom keystore file created in step1 and Java Trust to cacerts file updated in step5.
  Despite of all steps above I cannot get the certificates to work. When I look at the certificate, it tells me that "This CA Root certificate is not turested. To enable trust, install this certificate in the Trusted Root Certification Authorities store".
  Edited by: 867498 on 27-Dec-2011 05:45

  I've managed to get rid of the error, however the certificate still does not reflect the trusted chain and doesn't point to the "Root" certificate. Any ideas?

• Push windows trusted root certificate to adobe trusted store/certificate

  Hi,
  Can we push windows trusted root certificate to adobe trusted store/certificate ?
  Regards,
  Nitin Harikant

  I have tried something similar by trying to import the Windows Cert Store into Adobe, but I never did have it work. I just recently found the option is XI for Adobe to look at the Windows store itself.
  XI: Edit > Preferences > Signature > (Verification) More... > (Windows Integration) Check Validating Signatures, Check validating Certified Documents
  It should happen right away; although I will note I am having issues with this working for Non-Admins on a Terminal Server. Might be a privilege issue.
  If you want to set via GPO:
  Key Path: Software\Adobe\Adobe Acrobat\11.0\Security\cASPKI\cMSCAPI_DirectoryProvider
  Value Name: iMSStoreTrusted
  Value Type: Reg_DWORD
  Value Data: 62, or 60 (Hex)
  Link: Digital Signatures

• Apple root certificates not trusted?

  I was looking through Keychain Access, and came across these two Apple root certificates that Keychain reports as "This root certificate is not trusted."
  com.apple.kerberos.kdc
  com.apple.systemdefault
  There was also a "localhost" certificate with a Comcast email address that was similarly marked as not trusted.
  Any idea why any of these would not be trusted?
  Thanks,
  JC

  Yes, reinstalling is the backup plan.
  But this Macbook is about one year old. I should not cause that much trouble.

• Microsoft Exchange Server Auth Certificate Error

  I have new install the Exchange server 2013. I accidentally assigned the IIS service to the Microsoft Exchange Auth Certificate. now i'm facing problem to connect exchange server from outlook.
  The Error shows
  "There is a problem with the proxy server's security certificate.  The name on the security certificate is invalid or does not match the name of the target site
  name.  Outlook is unable to connect to the proxy server. (Error Code 10)."
  Certificate shows error
  "This CA root Certificate is nit trusted because it is not in the Trusted Root Certificate Authorities store"
  Please help me...
  Thanks

  HI Winnie,
  if i use root CA from AD CA can solve this issue?
  Please see the result:
  [PS] C:\Windows\system32>Get-ExchangeCertificate | FL
  AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule,
                       System.Security.AccessControl.CryptoKeyAccessRule,
                       System.Security.AccessControl.CryptoKeyAccessRule}
  CertificateDomains : {DBH-EX01, DBH-EX01.deltabrac.com}
  HasPrivateKey      : True
  IsSelfSigned       : True
  Issuer             : CN=Microsoft Exchange Server Auth Certificate
  NotAfter           : 12/19/2018 12:37:13 PM
  NotBefore          : 12/19/2013 12:37:13 PM
  PublicKeySize      : 2048
  RootCAType         : None
  SerialNumber       : 30F29F3C289D448A4244C95D267B9976
  Services           : IMAP, POP, SMTP
  Status             : Valid
  Subject            : CN=Microsoft Exchange Server Auth Certificate
  Thumbprint         : 514DDBBDAB0878766B9D305A0D500CBEA334E109
  AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule,
                       System.Security.AccessControl.CryptoKeyAccessRule,
                       System.Security.AccessControl.CryptoKeyAccessRule}
  CertificateDomains : {}
  HasPrivateKey      : True
  IsSelfSigned       : True
  Issuer             : CN=Microsoft Exchange Server Auth Certificate
  NotAfter           : 12/18/2018 3:51:00 PM
  NotBefore          : 12/18/2013 3:51:00 PM
  PublicKeySize      : 2048
  RootCAType         : None
  SerialNumber       : 2AAA1A565B385794473CE3AC8D3A85F4
  Services           : IIS, SMTP
  Status             : Valid
  Subject            : CN=Microsoft Exchange Server Auth Certificate
  Thumbprint         : 5E6026E8C9CC18BFE3684E58CD2876AC97A2514D
  AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule,
                       System.Security.AccessControl.CryptoKeyAccessRule,
                       System.Security.AccessControl.CryptoKeyAccessRule,
                       System.Security.AccessControl.CryptoKeyAccessRule}
  CertificateDomains : {DBH-EX01, DBH-EX01.deltabrac.com}
  HasPrivateKey      : True
  IsSelfSigned       : True
  Issuer             : CN=DBH-EX01
  NotAfter           : 12/11/2018 7:25:05 PM
  NotBefore          : 12/11/2013 7:25:05 PM
  PublicKeySize      : 2048
  RootCAType         : Registry
  SerialNumber       : 1C611FA9102B64B3462A0100FEF74A12
  Services           : IMAP, POP, IIS, SMTP
  Status             : Valid
  Subject            : CN=DBH-EX01
  Thumbprint         : 2FD1A8D2141DCA036F3DD5BE1191FD1FB6966EE9
  AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule,
                       System.Security.AccessControl.CryptoKeyAccessRule,
                       System.Security.AccessControl.CryptoKeyAccessRule}
  CertificateDomains : {WMSvc-DBH-EX01}
  HasPrivateKey      : True
  IsSelfSigned       : True
  Issuer             : CN=WMSvc-DBH-EX01
  NotAfter           : 12/9/2023 5:03:46 PM
  NotBefore          : 12/11/2013 5:03:46 PM
  PublicKeySize      : 2048
  RootCAType         : Registry
  SerialNumber       : 4013857FC4683FA940C6DCC87A83A05F
  Services           : None
  Status             : Valid
  Subject            : CN=WMSvc-DBH-EX01
  Thumbprint         : BAE5A99C48FDFDBDBDE1E158833F862BB977DC01

• Having problem getting installed root certificate to work

  We have a recerse proxy set up with an SSL certificate singed by our local CA.  We are trying to connect to this reverse proxy from iPad over 3G connection.
  Initially, we received the error "Safari cannot open the page because it could not establish a secure connection to the server".  Reading up on this, realized that we needed to install the CA root certificate as a trusted root on the device.
  Got iPhone Configuration utility, set up a configuration profile for the sole purpose of installing the certificate, added the certificate through Credentials section, and assigned the profile to the device.  I can see the certificate updated to the device through General>Profiles and can confirm that it IS the root certificate used to general the SSL certificate on the proxy.
  Even after application to the iPad (tried on iPhone also), attempt to access our proxy server from the iOS device fails with the same error.
  It is interesting to note, that on a personally owned iPad, instead of the error noted, I received a pop-up indicating the certificate was unknown, and I was presented with options to "Cancel, Details, Continue".  Clicking on "Details", I was allowed to view the certificate properties, and ALSO had a button to "Accept".  Hitting "Accept" installed the certificate as trusted, and I get through the proxy server just fine.  Only problem now is that if I *want* to re-create the prompt, I have no way, as I've found no way to remove certificates from the iPad unless installed via configuration profile.
  We've checked and double-checked, and the certificates all "line up" to the correct CA.
  Any ideas where I night be going wrong?
  Thanks!

  New clue....
  I only have the problem of not connecting to the proxy server if I'm using a 3G connection.  If I turn on wi-fi, connect to an access point, the installed root certificates do their job, and I connect just fine.
  Anyone know of potential problems with SSL certificates over 3G?

• Root certificate issue with keytool (Tomcat)

  I have:
  - Created a certificate request
  - Sent the request to a CA (Verisign affiliate)
  - Received the certificate
  - Installed the certificate
  When I surf to the page that utilizes the certificate, I receive an error message:
  "This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authoritues store"
  I use the certificate with Apache Tomcat. The root certificate is imported into the cacerts file. I use the following commands to prepare and install the certificate:
  keytool -genkey -dname "cn=somesite.com, ou=IT, o=SomeCompany, l=Stockholm, s=Sweden, c=SE" -keyalg "rsa" -alias SomeAlias -keystore D:\ssl\SomeFolder\keystore.jks -storepass SomePassword -validity 360
  keytool -certreq -alias SomeAlias -file D:\ssl\SomeFolder\MyCSR.csr -keystore D:\ssl\SomeFolder\keystore.jks -storepass SomePassword
  keytool -import -trustcacerts -alias SomeAlias -file D:\ssl\SomeFolder\MyCert.cer
  I don't see why I am having this problem. Please help me. I've spend several hours with different problems regaring the keytool utility, and the current certificate is valid for only three more days.
  Thanks in advance!
  Best regards,
  Bj�rn

  I am guessing that your ks file is not visible by the default config for Tomcat
  Check in your tomcat/conf/server.xml
  the config for the SSL Coyote Connector config block... you must specify the keystoreFile, maybe keystorePass... see http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html under Edit the Tomcat Configuration File
  -Jay

• Untrusted root certificates?

  So I was browsing my computer today (checking out another problem I'm not so concerned about) and I noticed something. In my Keychain, under "System", I have 2 certificates listed as "This root certificate is not trusted". Both have names starting with com.apple, so I'm less worried, but I'm wondering if other people have these on their systems and if they're normal. I don't know what these things do, so I haven't touched them, and I'm not going to post the full names in case it publishes a possible vulnerability in my computer.

  Are you sure you have Passwords selected on the left?
  Also... this is from the Safari Help Viewer for Root Certificates
  When you go to a secure webpage—for instance, to do online banking—Safari checks the site’s certificate and compares it with certificates that are known to be legitimate. If Safari doesn’t recognize the website’s certificate, or if the site doesn’t have one, Safari will let you know.
  For more detailed information on how Safari works with certificates, see this topic:
  Certificates and secure websites
  How to respond to a certificate warning:
  Click Show Certificate, and inspect the certificate for suspicious information.
  Look for a message that says, “This certificate was signed by an untrusted issuer.” If you see this message, click Cancel, and do not go to the website.
  Click the triangle next to the word “Details.” Check to make sure that the name and organization sections match those of the person or organization that owns the website. If anything looks unusual or is not what you expect, click Cancel, and do not go to the website.
  If you continue to the website, double-check the address in Safari’s toolbar to confirm that it is the correct address for the page you want to visit. The address should begin with “https://,” and the name of the website should be spelled correctly. Sometimes fraudulent websites masquerade as trusted websites by changing one or two letters of the trusted website’s address.
  Contact the administrator of the website, explaining the problem and requesting more information.
  If you continue, the certificate will be stored on your computer, and this warning won’t be displayed again for this website until you quit and restart Safari. If you like, you can remove the certificate later using Keychain Access. For instructions, open Keychain Access and choose Help > Keychain Access Help.
  Carolyn

• Keychain root certificate not trusted (?)

  I see a couple of items in keychain access that say "root certificate not trusted"
  what is this and should they be deleted or somehow modified?
  I looked at certificates with Certificate assistant "evaluate certificate"
  but do not quite understand.
  Thanks

  Ok I'll try not to...
  Thanks

• Mail cannot verify my mail server's root certificate

  When I try to send an email, I get a warning message saying that mail cannot verify my mail servers root certificate. I have tested the certificate and it had a blue boarder not a gold one, I can't remember what this means but I think its not recognised. This has only just started happening.
  Apparently the root server is VeriSign Class 3 Extended Validation
  Mail was unable to verify the identity of this server, which has a certificate issued to "smtp.mac.com". The error was:
  The root certificate for this server could not be verified.
  You might be connecting to a computer that is pretending to be "smtp.mac.com", and putting your confidential information at risk. Would you like to continue anyway?

  This is the OS X Server forum.... You probably want to post in:
  http://discussions.apple.com/forum.jspa?forumID=1223
  Jeff

• HT5012 What is the necessity of using these trust root certificates ? In which scenario we can use these certificates?

  Hi all ,
  I would like to know about the trust store and trust root certificates . Please let me know why we have to use these certificates and in which scenario it could be helpful?

  Hi All,
  Please help me in advise for my query.
  Thanks,
  Sriram

• TROUBLESHOOTING TIPS RE: iCLOUD MAIL SERVER DROPOUT

  Here's what I learned throughout this and I will post a discussion in a separate thread for the rest of the folk out there.
  MYTHS AND FACTS RE: iCLOUD MAIL SERVER DROPOUT- WHAT I'VE LEARNED
  Hopefully this troubleshooting helps everyone that has had or having issues, for now and for the future...
  Firstly, the Apple system status is a bit of a myth. Because it is a global community of people using iCloud, it does not always update in real time. The Apple techs check this when there is issues, as do the public, so odds are unless every single person is having issues around the globe, then it won't reflect an issue. http://www.apple.com/au/support/systemstatus/
  Apple technicians work in territories. For example, I live in Australia so I had to deal with a tech supervisor who looks after Australasia and who is based in Singapore. They don't get a notification if a group of people in Canada are having problems, even if they are identical to mine, unless as above, the whole world is having issues.
  CHECK THESE FORUMS as a first step measure to work out if the problem seems to be just you and your account, or a wider community. Particularly before you make any major change to your email accounts, passwords, computers or phones.
  If you get an issue in the next week or so (and keep in mind for the future) Error Message: "MY NAME" returned the error "[AUTHENTICATIONFAILED] Authentication failed." Your username/password or security settings may be incorrect. Would you like to try re-entering your password?" and this happens multiple times when you know the password is correct, then odds are that the server is down and you are best to wait it out. Try checking your mail via iCloud to test. If you can send it through there, odds are that the glitch has nothing to do with your password or issues with your account and rather than make changes, try and wait it out.
  If all of your folders in your email disappear, if they are IMAP folders, then log into iCloud mail in your web browser to check that they are still there. It just means that your mail client (Mac Mail, Outlook for Mac etc) can't access the IMAP folders via the server. Don't panic until they are gone from every device you use your email on.
  Be wary of deleting ANYTHING from your computer unless you are backing it up first. For example, I had a tech guy on the first day of the server drop out, who gave me the wrong advice of deleting EVERYTHING from my keychain. This resulted in me having massive security issues for web browsers and thus, I couldn't log into my iCloud mail in my browser. Not only did I have to re-install my OS Maverick to fix it (which took 10 hours) but I could have muddled through this mess by continuing to work using web mail.
  If everyone seems to be having a mail server problem based on online community discussions, then you are not alone and TELL your Apple tech this. Send copies of the links to the various conversations. Push them (nicely) to investigate internally what is going on and don't let them rely on the System support status. It also helps to put in a report to Apple down the track.
  Make sure that you can get a copy of Apple tech guys email address. Thankfully, even though I was on the phone to them for in excess of 7 hours over the past two days, I could update my guy via email and also send him screen shots of things that did or didn't work using my iPhone. We would keep in contact and all I would have to do is send him an email and he would call me back straight away. No holding or dealing with any call centre issues, which is probably the only reason why I didn't lose my cool too much.
  If you can get into your iCloud through your web browser, you have the options under the inbox and then the little wheel thing down the bottom (preferences) to put a vacation message, like an out of office. Put that on and explain you are having email issues and give another email address or your contact number. At least the people that you need to contact will know that things could get lost in cyberspace. I wish I had of known this earlier.
  You can also forward emails emails to another email address under preferences. Also very handy.
  Become friends with your tech guy rather than enemies. If you don't feel like your tech guy knows what he's talking about, politely request to speak to a supervisor. I would be having a nervous breakdown right now (small business owner, lost two days of billable hours so I am financially behind) if I didn't have a good relationship with the guy that has been helping me. We are a good team, with me updating him with the information, via these forums, to find a proper solution to the issue and to rectify the wrong information I was given by the previous Apple tech guy I spoke to.
  Ask them to replicate your issue on their side of the fence to troubleshoot. For example, my tech guy Levi replicated my issue with websites by intentially removing the system certificate from his computer and he realised that was what the problem was, and thus he could quickly find out how to fix it.
  Back up your stuff regularly. It might be annoying but it is peace of mind if know you are only going to lose a minimum of a week's worth of stuff.
  Apple has an engineering team and tech guys raise 'tickets' to them with information on what has happened to their clients. I don't know much about this but I would assume it is having the engineering team investigate to stop this happening in future. They can only work with the feedback they get I suppose. I would also suggest doing the Apple Care survey so they also get feedback. We need to explain to them that we are asking for communication first and foremost - whilst it is inconvenient, if we all knew when and where they would be doing server upgrades (which the rumours indicate that this is what happened) then I don't feel everyone would be so frustrated.
  Using your computer is like raising a child - you know when something is not right, even if you are not experienced at it yet. Sure, you may not know the lingo but trust your instincts and tell your tech guy. I have learned more in the past two days about computers and Mac's than ever before and I know when I can confidentially say that strange things were happening to my Mac and where Apple went wrong in guiding me. Don't always take a blanket or easy explanation if you don't think it is right; odds are it will result in making changes to your product that do more harm than good.
  Keep a record of notes of how much time you have spent on the issue (including phone calls to Apple), what they have told you to do and at what time, changes to passwords, troubleshooting tips and the contact details (and reference numbers) of who you speak to. I'm not sure if Apple provides compensation for these issues or anything along these lines, but I certainly will be informing them so they can try and better their service to me in the future.
  Anyway, I hope that helps everyone a bit - these are just things that I have learned and if anyone else has any tips please feel free to add them.

  Tried port 465 but it wouldn't work.
  Went to our help desk and here's the reply I got (paraphrased slightly cuz the person at the help desk was trying hard to be helpful and I don't want to get him/her in trouble):
  I presented this question to the university team and then waited for a long time to get the following reply:
  we do not allow relay from non-university IP addresses.
  port 25 for smtp is a standard worldwide.
  For the most part, that went right over my head and didn’t answer anything, but I hope it means something to you.
  I called him to get more clarification, but all I really got out of it was that, if you don’t use exchange which is secure via port 443, then your other option is to use smtp.  And then he said something about how relay, iron ports, and authenticated accounts work together to make it secure.  I know it makes me sound a lot more inept than I am, but all that made little sense to me.  What I gather, is… that by selecting SSL when configuring your client, it makes it so that your login info and mail content is safe.  Sorry, I can’t provide a more cohesive and comprehensive explanation, but I think the bottom line is that they have combined a non-secure protocol with other stuff to make it secure.
  So, I'm hoping that checking SSL and using port 25 somehow solves the problem to the satisfaction of our IT professionals at the University ...
  Again, thanks for taking the time to educate the rest of us!

• How to verify CA root certificate?

  When the client downloads CA root certificate from the CA server , how to verify that the root certificate is actually from the CA server from which we want to connect?

  > but I have interpreted this question to be specifially about Root CAs ... as these are the only ones that require explicit trust or trust in a browser / OS vendor.
  No, I think the question was about web server trust. Since, the transport is not secured (there is no SSL) you can't verify whether you are downloading from the right server. Say, someone created a rogue web server and gain control over the traffic
  (may be, DNS is tampered, or MITM situation). As long this rogue web server responds with the certificate which can be successfully validated by the certificate chaining engine, this web server may be considered as valid.
  And vice versa, legitimate web server is misconfigured, and wrong certificate was placed there. Downloaded certificate won't pass the check and you may wrongfully consider this legitimate server untrusted. This is why you can't tell certainly whether
  you connected to the right server. You only can make assumptions based on downloaded content after it verification, but yet no certainty.
  My weblog: en-us.sysadmins.lv
  PowerShell PKI Module: pspki.codeplex.com
  PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
  Check out new: SSL Certificate Verifier
  Check out new:
  PowerShell FCIV tool.

• Removing / updating root certificates?

  I know from the documentation I've reviewed that the root certificate store isn't easily viewed in webOS. There is a knowledge base article that lists certs that come pre-installed (at least in 2.x), but that's the closest I've come to being able to see them.
  I have a need to remove one of the root certificates that came pre-installed, and I can't seem to find a way to do it. If I have to, I am open to writing an application toward this end, but I'm finding it difficult to believe that there isn't some easier way, or some HP internal tool that might do this.
  Do any of you have any suggestions? I really don't want to trust a particular CA for one minute longer than I have to.
  Alternatively, can anyone at HP tell me if you are planning to release a CRL for any of the compromised Diginotar CA certs, and if so, how quickly?
  I'm most concerned about this on the Touchpad and original Pre.
  Thanks.
  Post relates to: Pre p100eww (Sprint)

  I'm curious about the intent to do a wholesale update of the root certificates in a server operating system. I would think you should consider yourself lucky, because there are practical limits to the size of the Trusted Root Certificate Store (64kb of certificates,
  which is 175-200 of them, depending on their data size).
  A more surgical approach is to only install a new root certificate when it is needed for a specific purpose. Otherwise, certificates that are expired can generally just be deleted.
  However, for an alternative approach to this process, I would suggest installation of KB931125 to a **WORKSTATION** operating system (a reference VM not actually used by anybody would be even better), and then EXPORT those certificates that you actually
  need from that reference system and import them to where they are needed.
  Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
  SolarWinds Head Geek
  Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
  My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
  http://www.solarwinds.com/gotmicrosoft
  The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.