Loading a Machine Certificate into System Keychain

Similar Messages

• 2 Untrusted Certificates in "System Keychain" in Keychain.app

  Hi, I have an untrusted com.apple.kerberos.kdc certificate in my System Keychain, along with both a corresponding private and public key. Similarly, I have the same situation with a com.apple.systemdefault .....
  For those interested in seeing a pic:
  http://img444.imageshack.us/my.php?image=picture2vs8.png
  Basically, I was hoping someone could either tell me that it's no big deal and they have the same certificates there too, or that I should probably delete them. More importantly, I was hoping some one might be helpful enough to explain to me why they are there or what they are for. Because, for example, from what little I know of networks and stuff, I know Kerberos is used in like school networks and business etc. But I only use my mac at home
  As for some background ---> (if anyone is interested before answering) +I'm not not in the States right now where I normally reside and I happen to have taken my computer in for care at an authorized dealership here overseas where I'm temporarily staying.+
  +After they replaced my Optical Drive under Apple Care Warranty, they needed to reinstall.... I had provided my CDs--which I am without a doubt certain worked before I handed them in as required by their service terms--but was later informed that the new Optical Drive that had been installed could not read them for some reason or another(the CDs would mount, but show no contents within the Finder window). If I were in the US, I would have called apple since I am still under warranty and seen if they could be replaced, which I have done with a past G4 powerbook with no prob at all. But since they couldn't provide that service, they simply installed leopard on my comp for me off their Install CDs.... As a result, I am left wondering if maybe they used an Install Disc which was intended for another computer or was perhaps not appropriately specified for my comp or something.+

  Wow, thanks for responding. I really didn't expect a soul to respond such an obscure query.... You're right, it isn't affecting the system at all in anyway, but from what I gather from your response and a search on google which yielded a meager one result of any informative value, it's not normally supposed to be there:
  http://dev.mac-forums.com/forums/os-x-applications-games/104229-keychain-has-unt rusted-certificate.html
  So, I was wondering if you or anyone else could do me a a very quick favor. Can you tell me if the same certificates are even present on your box? Or, if they are in fact there, are they trusted?
  Finally, as a less valuable side note, do you know what these certificates could be, or might have been used for? Seeing as how I'm prettty much an at home browser/computer user, I don't think I would have required the use at least that kerberos certificate in the 3 days I have been using the freshly installed OS since after the repair........
  Thanks

• How to load a client certificate into a servlet to access a Web Service

  Hi,
  I am having the following problem:
  I am trying to use a Web Service client (Axis) within a servlet running under
  WebLogic 8.1.
  I would like to have mutual SSL-based authentication between the client and the
  server hosting the Web Service. Thus, my client has to send a certificate to the
  server.
  My problem is: how to get the certificate into the request? I know that, for example,
  the HttpsURLConnection class of WebLogic has a loadIdentity method. But I can't
  use this class.
  Is there any other method to make sure that SSL requests use my client certificates?
  By the way, I am receiving the following error message from the server:
  <Apr 13, 2004 5:35:10 PM EEST> <Debug> <TLS> <000000> <Required peer certificate
  s not supplied by peer>
  <Apr 13, 2004 5:35:10 PM EEST> <Warning> <Security> <BEA-090508> <Certificate
  ch
  ain received from 127.0.0.1 - 127.0.0.1 was incomplete.>
  Anyone has an idea?
  Thanks for any hints,
  Zoltan Schreter
  Nokia

  Hi all,
  I have solved this problem basically by using weblogic's SSLSocketFactory instead
  of the default one used by Axis. I created a custom HttpSender (MyHttpSender)
  which uses this Factory. I then created a custom Config class which I pass to
  the constructor of Service. The Config class looks like this:
  public class MyConfig extends SimpleProvider {
  * Constructor - deploy client-side basic transports.
  public MyConfig() {
  deployTransport("java", new SimpleTargetedChain(new JavaSender()));
  deployTransport("local", new SimpleTargetedChain(new LocalSender()));
  deployTransport("http", new SimpleTargetedChain(new MyHttpSender()));
  The relevant code within MyHttpSender looks something like this:
  SSLClientInfo sslinfo = new SSLClientInfo();
  File ClientKeyFile = new File("C:/certificates/testkey.pem");
  File ClientCertsFile = new File("C:/certificates/testcert.pem");
  InputStream[] ins = new InputStream[2];
  ins[0] = new FileInputStream(ClientCertsFile);
  ins[1] = new FileInputStream(ClientKeyFile);
  String pwd = "mykeypass";
  sslinfo.loadLocalIdentity(ins[0], ins[1], pwd.toCharArray());
  javax.net.SocketFactory sockf = weblogic.security.SSL.SSLSocketFactory.getJSSE(sslinfo);
  sock = sockf.createSocket(host, port) ;
  By the way, this change also solved the other problem I posted about (not being
  able to tunnel through the https proxy).
  Cheeers,
  Zoltan Schreter
  Nokia
  "Tony" <TonyV> wrote:
  Which API's are you currently using for the SSL communication in the
  client
  side?
  Tony
  "Zoltan Schreter" <[email protected]> wrote in message
  news:[email protected]...
  Hi,
  I am having the following problem:
  I am trying to use a Web Service client (Axis) within a servlet runningunder
  WebLogic 8.1.
  I would like to have mutual SSL-based authentication between the clientand the
  server hosting the Web Service. Thus, my client has to send a certificateto the
  server.
  My problem is: how to get the certificate into the request? I knowthat,
  for example,
  the HttpsURLConnection class of WebLogic has a loadIdentity method.But I
  can't
  use this class.
  Is there any other method to make sure that SSL requests use my clientcertificates?
  By the way, I am receiving the following error message from the server:
  <Apr 13, 2004 5:35:10 PM EEST> <Debug> <TLS> <000000> <Required peercertificate
  s not supplied by peer>
  <Apr 13, 2004 5:35:10 PM EEST> <Warning> <Security> <BEA-090508><Certificate
  ch
  ain received from 127.0.0.1 - 127.0.0.1 was incomplete.>
  Anyone has an idea?
  Thanks for any hints,
  Zoltan Schreter
  Nokia

• I've been using Elements 10 on my windows 7 machine editing RAW/NEF picture files taken with a Nikon D40X camera with no problems. I upgraded my camera to a Nikon DX7100 and can no longer load my RAW/NEF into elements 10. Is there a compatability problem

  I've been using Elements 10 on my windows 7 machine editing RAW/NEF picture files taken with a Nikon D40X camera with no problems. I upgraded my camera to a Nikon DX7100 and can no longer load my RAW/NEF into elements 10. Is there a compatability problem with my new camera? Will upgrading elements to a newqer version solve the problem?

  NEF's for the D7100 should work with the latest version PSE13
  You can download here and try free for 30 days:
  https://www.adobe.com/cfusion/tdrc/index.cfm?product=photoshop_elements&loc=us&PID=2159997 #

• Can I remove all but the last "Mac OS X Server certificate management" application password from my System Keychain?

  I am slowly nursing a broken Montain Lion Server back to health. The problems started with a name change days ago then went sour, probably because of some stuff in the keychain that tripped the commands up.
  I have now a trusted Root CA in my System Keychain which has signed my wildcard Certificate for my domain and all my services are protected by this wildcard certificate. Creating and installing that certificate helped me back (slowly) but there are still problems to solve
  I also have set the com.apple.servermgrd identity preference to this (now trusted) wildcard certificate a few minutes ago
  I am busy cleaning as much as possibe of junk from my Keychains to improve stability, of course without damaging things (I hope)
  There are 19 "Mac OS X Server certificate management" application passwords in my System Keychain.
  12 are from 9 days ago when I installed this clean OS X Mountain Lion Server for the first time, created within a minute during server install.
  1 from 6 minutes later, maybe when I turned on a Service
  2 are from that day, but 2 and 3 hours later (also probably because of something I did in Server.app, like enabling a service)
  1 from 2 days later (probably when I tried to change the server name/domain)
  1 from again 5 days later (probably when I tried to change the server name/domain again)
  1 from yesterday, when I changed the servername
  1 from today, when I changed the server name again.
  What are these application passwords for and can I safely remove all but the last one? What are they for?

  I went ahead and remove them a month ago. So far, there don't seem to be any issues. As long as you double-triple-check that the hash-number in those "Mac OS X Server certificate management" keychains _aren't_ in the filename of any of the *.pem files in the /etc/certificates folder, you can delete those orphan keychains.

• Can I use LabVIEW to load data directly into system memory? The serial card I'm using isn't supported by NI nor does VISA recognize it. I'm using a Win32 function to read the data from the card and now I want it to go directly to system memory.

  Can I use LabVIEW to load data directly into system memory from a VI? The serial card I'm using isn't supported by NI nor does VISA recognize it. I'm using a Call Library function to read the data from the card and now I want it to go directly to system memory.
  The data is being received at 1Mbps.
  Thanks

  Two questions:
  One, if it's a serial card, then presumably it gives you more serial ports, like COM3, COM4, etc. If so, VISA would see the COM ports, and not the card directly. The drivers for the card should make it so that you see the extra serial ports from the OS. If you don't see the extra COM ports from VISA, then it sounds like the drivers for the card are not installed properly. Do the extra COM ports show up in Device Manager?
  Two, you said that you're using a Call Library function to get the data and you want to put it into system memory. Errr.... you just read the data and you have it in memory by definition. Are you saying you need a way to parse the data so it shows up on a graph or something?

• HT1338 I am trying to update a Brother MFC-J5910DW firmware and driver software for OS X Mountain Lion. The instructions say I need to have JavaVM (Virtual Machine) on my system. How do I load it and wasn't there a "fix" apple sent out for Java?

  I am trying to update a Brother MFC-J5910DW firmware and driver software for OS X Mountain Lion. The instructions say I need to have JavaVM (Virtual Machine) on my system. How do I load it and wasn't there a "fix" apple sent out for Java?

  Java for OS X 2013-002

• What Certificate store is used for machine certificates

  I have a requirement to have windows 7/8 users connect to the company network using VPN & IKEv2.
  I have a RH Linux 7 firewall/authentication server that the windows clients will connect to via a vpn.
  I have generated a self-signed Certificate Authority, and a client certificate. (using NSS & certutil)
  I have configured a VPN/IKEv2 connection on my windows 7 client system.
  I have selected "use machine certificates" on the security tab.
  However when I attempt to connect to the Linux 7 server. Windows returns a 13806 error. The windows process
  for locating the certificate cannot find the certificate. (I used mmc to install both the CA certificate & the client certificate)
  So I wondering since I specified the use of machine certificates, perhaps I've installed the certificates in the wrong "store".
  Is there a special "store" for machine certificates?   

  Hi MeipoXu, many thanks for working with me on this issue.
  Thru some trial & error testing I determined the Local Computer store "combo" that DOES NOT generate
  a 13806 error (cert not found) is to import the client cert to the "Personal" store under "Local Computer"
  and import the CA into the Trusted Root Certificates store, also under the "Local Computer"
  However I still get the 13819 error Invalid Certificate Type.  When I attempt to make a connection over vpn.
  Here are the trace entries:
   Frame: Number = 4, Captured Frame Length = 234, MediaType = NetEvent
  + NetEvent:
  - MicrosoftWindowsWFP: IPsec: Receive ISAKMP Packet
    - WfpUnifiedTracing_IKE_PACKET_RECV IKE_PACKET_RECV: IPsec: Receive ISAKMP Packet
       AsciiString ICookie: 76991f2483ab8271
       AsciiString RCookie: be81c4728325eb7f
       AsciiString ExchangeType: IKEv2 SA Init Mode
       UINT32 Length: 284 (0x11C)
       AsciiString NextPayload: SA
       UINT8 Flags: 32 (0x20)
       UINT32 MessageID: 0 (0x0)
       UnicodeString LocalAddress: 192.168.10.4
       UINT32 LocalPort: 500 (0x1F4)
       UINT32 LocalProtocol: 0 (0x0)
       UnicodeString RemoteAddress: 69.54.99.132
       UINT32 RemotePort: 500 (0x1F4)
       UINT32 RemoteProtocol: 0 (0x0)
       UINT64 InterfaceLuid: 1688849960927232 (0x6000006000000)
       UINT32 ProfileId: 2 (0x2)
    Frame: Number = 5, Captured Frame Length = 121, MediaType = NetEvent
  + NetEvent:
  - MicrosoftWindowsWFP: User Mode Error
    - WfpUnifiedTracing_WFP_USERMODE_ERROR WFP_USERMODE_ERROR: User Mode Error
       AsciiString Function: IkeFindLocalCertChainHelper
     - WinErrorCode ErrorCode: ERROR_IPSEC_IKE_NO_CERT
        UINT32 WinErrorValue: 0x000035EE - ERROR_IPSEC_IKE_NO_CERT - The IKE failed to find a valid machine certificate. Contact your network security administrator about installing a valid certificate in the appropriate certificate store.
    Frame: Number = 6, Captured Frame Length = 121, MediaType = NetEvent
  + NetEvent:
  - MicrosoftWindowsWFP: User Mode Error
    - WfpUnifiedTracing_WFP_USERMODE_ERROR WFP_USERMODE_ERROR: User Mode Error
       AsciiString Function: IkeFindLocalCertChainHelper
     - WinErrorCode ErrorCode: ERROR_IPSEC_IKE_NO_CERT
        UINT32 WinErrorValue: 0x000035EE - ERROR_IPSEC_IKE_NO_CERT - The IKE failed to find a valid machine certificate. Contact your network security administrator about installing a valid certificate in the appropriate certificate store.
    Frame: Number = 7, Captured Frame Length = 117, MediaType = NetEvent
  + NetEvent:
  - MicrosoftWindowsWFP: User Mode Error
    - WfpUnifiedTracing_WFP_USERMODE_ERROR WFP_USERMODE_ERROR: User Mode Error
       AsciiString Function: IkeEncodeCertChainIkeV2
     - WinErrorCode ErrorCode: ERROR_IPSEC_IKE_INVALID_CERT_TYPE
        UINT32 WinErrorValue: 0x000035FB - ERROR_IPSEC_IKE_INVALID_CERT_TYPE - Invalid certificate type.
    Frame: Number = 8, Captured Frame Length = 117, MediaType = NetEvent
  + NetEvent:
  - MicrosoftWindowsWFP: User Mode Error
    - WfpUnifiedTracing_WFP_USERMODE_ERROR WFP_USERMODE_ERROR: User Mode Error
       AsciiString Function: IkeEncodeCertChainIkeV2
     - WinErrorCode ErrorCode: ERROR_IPSEC_IKE_INVALID_CERT_TYPE
      - HRESULT ErrorValue: ERROR_IPSEC_IKE_INVALID_CERT_TYPE
       -  LEHResult:
          UINT32 Code:      (................0011010111111011) 0x000035FB - ERROR_IPSEC_IKE_INVALID_CERT_TYPE - Invalid certificate type.
          UINT32 Facility:  (.....00000000111................) WIN32
          UINT32 X:         (....0...........................) Reserved
          UINT32 N:         (...0............................) Not NTSTATUS
          UINT32 C:         (..0.............................) Microsoft-defined
          UINT32 R:         (.0..............................) Reserved
          UINT32 S:         (1...............................) Failure
  $$$$$$$ N O T E :   Frame Numbers 9 thru 13 are exact same error message as Frame numbers 8 (the first) and Frame 14 (the last) $$$$$$$$ Then I close the connection
  and stop the trace.  
    Frame: Number = 14, Captured Frame Length = 123, MediaType = NetEvent
  + NetEvent:
  - MicrosoftWindowsWFP: User Mode Error
    - WfpUnifiedTracing_WFP_USERMODE_ERROR WFP_USERMODE_ERROR: User Mode Error
       AsciiString Function: IkeConstructAndSendMMResponse
     - WinErrorCode ErrorCode: ERROR_IPSEC_IKE_INVALID_CERT_TYPE
      - HRESULT ErrorValue: ERROR_IPSEC_IKE_INVALID_CERT_TYPE
       -  LEHResult:
          UINT32 Code:      (................0011010111111011) 0x000035FB - ERROR_IPSEC_IKE_INVALID_CERT_TYPE - Invalid certificate type.
          UINT32 Facility:  (.....00000000111................) WIN32
          UINT32 X:         (....0...........................) Reserved
          UINT32 N:         (...0............................) Not NTSTATUS
          UINT32 C:         (..0.............................) Microsoft-defined
          UINT32 R:         (.0..............................) Reserved
          UINT32 S:         (1...............................) Failure
  So after a response is received from the Server (to complete the SA Initiation)
  Windows then "looks" for a cert to send to the server.
  It appears initially it can't find one because 13806 errors are reported (Frames  5 & 6)
  However the session does not issue an 13806.
  It goes on to Frame 7: Note the function IkeEncodeCertChainIkeV2 detects the invalid cert type
  Frames 8 thru 14 are just a repeat of the same error.
  Could this be a flaw in the windows VPN logic ?
  Guy

• Machine Certificate Autoenroll

  Hello All, I was using an Apple Script to Auto-enroll OS X 10.6 in our Microsoft PKI certificate infrastructure (Machines certificate).  The script created all the needed cert request parameters automatically, submitted it via the web based certificate request process and pulled the certificate into the system.  The certificate could be used to create and EAP/TLS wireless profile.
  With Lion the script no longer works and the process for automatically requesting the certificate seems to have changed as well.
  I also noticed that the Wi-Fi profile can now be created via profile, which is easier, but I don’t have an easy way to auto-enroll in my PKI infrastructure.
  Has anyone come up with a good way of resolving the auto-enrollment process for certificates?
  Any help or guidance is much appreciated.

  Moving to AAA forum for faster response.
  Vinay
  Community manager - Wireless

• What is the MACHINE_IDENTITY identity preference in the System Keychain for?

  I am slowly succeeding in nursing my broken Mountain Lion Server back to life. A name change hosed it, probably because of some remaining stuff in the Keychains.
  In my System Keychain, I have
  OPENDIRECTORY_ROOT_CA_IDENTITY - points to a Self-signed root CA created during Server install
  OPENDIRECTORY_INT_CA_IDENTITY - points to a Self-signed intermediate CA created during Server install
  MACHINE_IDENTITY - Points to nothing (is broken).
  What certificate is supposed to be mentioned in MACHINE_IDENTITY. Maybe someone with a working Mountain Lions Server can check for me?

  That's the certificate chain, with the certificate used to uniquely identify the server.  With a self-signed root, there wouldn't be an intermediate certificate.  If you're not familiar with them, certificates are effectively cryptographic passwords, and they're either maintained and created locally (privately, self-signed) or are signed and therefore traceable back to another certificate.
  With a correctly-functioning Open Directory, you'd create and load new self-signed certs.  In older releases, via Server Admin.  In newer releases, via Server.app.
  Here's an old article (TA24487) and there's a whole lot more on certificates in this document; Advanced Server Administration.
  I don't have a server running 10.8 handy to check.

• Error loading local CSV file into external table

  Hello,
  I am trying to load a CSV file located on my C:\ drive on a WIndows XP system into an 'external table'. Everyting used to work correctly when using Oracle XE (iinstalled also locally on my WIndows system).
  However, once I am trynig to load the same file into a Oracle 11g R2 database on UNIX, I get the following errr:
  ORA-29913: Error in executing ODCIEXTTABLEOPEN callout
  ORA-29400: data cartridge error
  error opening file ...\...\...nnnnn.log
  Please let me know if I can achieve the same functionality I had with Oracle XP.
  (Note: I cannot use SQL*Loader approach, I am invoking Oracle stored procedures from VB.Net that are attempting to load data into external tables).
  Regards,
  M.R.

  user7047382 wrote:
  Hello,
  I am trying to load a CSV file located on my C:\ drive on a WIndows XP system into an 'external table'. Everyting used to work correctly when using Oracle XE (iinstalled also locally on my WIndows system).
  However, once I am trynig to load the same file into a Oracle 11g R2 database on UNIX, I get the following errr:
  ORA-29913: Error in executing ODCIEXTTABLEOPEN callout
  ORA-29400: data cartridge error
  error opening file ...\...\...nnnnn.log
  Please let me know if I can achieve the same functionality I had with Oracle XP.
  (Note: I cannot use SQL*Loader approach, I am invoking Oracle stored procedures from VB.Net that are attempting to load data into external tables).
  Regards,
  M.R.So your database is on a unix box, but the file is on your Windows desktop machine? So .... how is it you are making your file (on your desktop) visible to your database (on a unix box)???????

• L2TP based VPN with OpenS/WAN server, OpenSSL machine certificates

  I cannot seem to get OSX to accept the machine certificates for a VPN connection using Internet Connect.
  I have generated OpenSSL x509 certificates for the server and client side, the same process has generated certificates that work just dandy with WindowsXP. The certificates have "subjectAltName=" key/value pairs assigned to the IP address of the VPN server.
  Once generated I import the certificates into OS X (you have to run KeyChain Access with "sudo" from the console to get this to work). The certificate authority seems to be ok, the CA has been added to the x509Roots, and when I examine the machine certificate for my OS X install using KeyChain Access the certificate is marked valid.
  I generated the hash link for the certificate:
  ln -s /etc/racoon/certs/certname.pem /etc/racoon/certs/'openssl x509 -noout -in certname.pem'.0
  From the console I run '
  openssl verify certname.pem
  It fails unless I specify '-CAPath /etc/racoon/certs', then it passes.
  When Internet Connect is setup to use the certificates I can see in the OpenS/WAN logs that the OS X box connects and negotiates IPSEC to MAIN_3. At this point pluto logs the following:
  ignoring informational payload, type INVALIDCERTAUTHORITY
  This repeats for several re-tries before the OS X side gives up. No useful logging is generated on the OS X side for me to debug, and everything from the OpenS/WAN side seems to be kosher, it appears to be an oakley/racoon issue with validating the machine certificate provided by OpenS/WAN to the OS X side, with the OS X side unable to verify the certificate.
  Has anyone solved this? Any ideas on how to improve the logging output from OS X so I can see what racoon/oakley is carping about in the certificate files it is using?

  I'm having the same problem. I've got a machine cert on my Mac OS 10.4.6 client that was issued by my Win2003 CA. When I try and connect, it just hangs and then dies. In the Security Logs on the 2003 L2TP server, I even see a successful IKE negotiation (MS Event ID 541 and 543 below).
  EventID 541:
  IKE security association established.
  Mode:
  Key Exchange Mode (Main Mode)
  Peer Identity:
  Certificate based Identity.
  Peer Subject C=US, S=City, L=State, O=Company, OU=group, CN=machine.subdomain.company.com, E=[email protected]
  Peer SHA Thumbprint peerthumbrint
  Peer Issuing Certificate Authority O=company.com, CN=Certificate Authority
  Root Certificate Authority O=company.com, CN=Certificate Authority
  My Subject CN=server.subdomain.company.com
  My SHA Thumbprint mythumbrint
  Peer IP Address: x.x.x.x
  Filter:
  Source IP Address x.x.x.x
  Source IP Address Mask 255.255.255.255
  Destination IP Address x.x.x.x
  Destination IP Address Mask 255.255.255.255
  Protocol 0
  Source Port 0
  Destination Port 0
  IKE Local Addr x.x.x.x
  IKE Peer Addr x.x.x.x
  IKE Source Port 500
  IKE Destination Port 500
  Peer Private Addr
  Parameters:
  ESP Algorithm Triple DES CBC
  HMAC Algorithm SHA
  Lifetime (sec) 3600
  MM delta time (sec) 1
  EventID 543:
  IKE security association ended.
  Mode: Key Exchange (Main mode)
  Filter:
  Source IP Address X.X.X.X
  Source IP Address Mask 255.255.255.255
  Destination IP Address X.X.X.X
  Destination IP Address Mask 255.255.255.255
  Protocol 0
  Source Port 0
  Destination Port 0
  IKE Local Addr X.X.X.X
  IKE Peer Addr X.X.X.X
  IKE Source Port 500
  IKE Destination Port 500
  Peer Private Addr
  At least give me a some methods to debug with.

• "Dashboard Advisory" in Keychains/System Keychain?

  I've just noticed something in Keychains, System Keychain, called +Dashboard Advisory+, issued by +Dashboard Advisory CA+. It reads, +Expires: Tuesday, April 29,2036 2:09 PM America/New York.+
  *Below that in red there is: +This certificate was signed by an unknown authority+*
  (I also have X509Anchors in Keychains. But there, in green, unlike the Dashboard Advisory, it is, more reassuringly, written, +this certificate is valid+)
  Can anyone tell me, please, what this is and if it is legitimate?
  (A short Google search seems to turn up something about a Daemon phoning home to Apple re. Dashboard Widgets (installed after the 10.4.7 Update), but I'm not sure this is what I have, and I certainly don't understand why, then, it was "signed by an unknown authority."
  Message was edited by: WZZZ

  ... and now it's all ok?? ... or are you getting what I am getting ?
  -i.e. .... loads of different applications complaining that =this or that certificate is invalid etc - even if you change the trust settings !!!! $&^&( aaarghhhhh)
  I am cross enough to join you at the wall down there for a spot of head butting that wall !!
  I think you are just about to suffer the issue I am - guess what ... some of those apple certificates have just gone out of date today/yesterday .........
  can we download some new ones from...... now lets see....... ummmmm .... hey APPLE !! can you send us some in date ones in an 'update' (good name for it really)
  still cross, in london, tired now too as 12:48 in morning/night whatever, big long day ahead tomorrow to
  I have also posted about this in another thread - BDAqua has been trying to help me (thanks) but I am trawling around these other threads in the vain hope that one of them will contain the secret 'fix'
  hows the head WZZZ ??!!
  Best regards
  Andy

• System Keychain Vulnerability

  I have my login keychain secured by a separate password. However, the System Keychain contains the password to my network and time capsule and is not secured by a separate password. I only need to open Keychain Access, unlock the System Keychain, and enter my login password and I have access to the items.
  I thought the idea behind the System Keychain was to store passwords needed for the system independent of the user and that these passwords would be secured by a system password known only to the OS. The fact that I can use my login password to access these keychain items makes the second password for my login keychain irrelevant for my network and time capsule.
  Am I missing something..?

  Someone takes my Mac and is able to guess or otherwise break my login password. I am still protected for my login keychain by a second, stronger password.
  As I said before, even if your login keychain uses exactly the same password as your login password, resetting the login password will not help an attacker break into that keychain. The attacker would have to guess your login password to get access to that keychain. Of course, if you've chosen such a poor password that someone could guess it, you can hardly call that a system vulnerability!
  however, being mac-savvy, the thief opens keychain access and selects my *System* keychain and unlocks it. It asks for a password and the thief enters my login password.
  Again, this relies on the thief knowing your login password. However, I'm not sure what the effects of resetting the login password would be on the System keychain. I would think that the same thing would apply and you'd lose access to those passwords. But since this keychain has a different purpose than the others, maybe not. The only way to know for sure would be to test it.
  the System Keychain only contains passwords which are needed across all users, but these include the network and time capsule passwords which are pretty critical...
  That's assuming that resetting the password gives access, which may not be the case. Even if that is the case, those passwords are not really critical... choose a unique password for these things that you don't use for anything else. Your scenario of having someone steal your laptop yet stay on-site and mess with your Time Capsule is a bit silly. The thief already has your machine, so there's nothing on the Time Capsule that they won't already have.

• How Do I Load An Animated GIF Into PictureBox Control From Byte Array?

  I'm having a problem with loading an animated GIF int a picturebox control in a C# program after it has been converted to a base64 string, then converted to a byte array, then written to binary, then converted to a base64 string again, then converted to
  a byte array, then loaded into a memory stream and finally into a picturebox control.
  Here's the step-by-step code I've written:
  1. First I open an animated GIF from a file and load it directly into a picturebox control. It animates just fine.
  2. Next I convert the image in the picturebox control (pbTitlePageImage) to a base64 string as shown in the code below:
                  if (pbTitlePageImage.Image != null)
                      string Image2BConverted;
                      using (Bitmap bm = new Bitmap(pbTitlePageImage.Image))
                          using (MemoryStream ms = new MemoryStream())
                              bm.Save(ms, ImageFormat.Jpeg);
                              Image2BConverted = Convert.ToBase64String(ms.ToArray());
                              GameInfo.TitlePageImage = Image2BConverted;
                              ms.Close();
                              GameInfo.TitlePageImagePresent = true;
                              ProjectNeedsSaving = true;
  3. Then I write the base64 string to a binary file using FileStream and BinaryWriter.
  4. Next I get the image from the binary file using FileStream and BinaryReader and assign it to a string variable. It is now a base64 string again.
  5. Next I load the base64 string into a byte array, then I load it into StreamReader and finally into the picturebox control (pbGameImages) as shown in the code below:
  byte[] TitlePageImageBuffer = Convert.FromBase64String(GameInfo.TitlePageImage);
                          MemoryStream memTitlePageImageStream = new MemoryStream(TitlePageImageBuffer, 0, TitlePageImageBuffer.Length);
                          memTitlePageImageStream.Write(TitlePageImageBuffer, 0, TitlePageImageBuffer.Length);
                          memTitlePageImageStream.Position = 0;
                          pbGameImages.Image = Image.FromStream(memTitlePageImageStream, true);
                          memTitlePageImageStream.Close();
                          memTitlePageImageStream = null;
                          TitlePageImageBuffer = null;
  This step-by-step will work with all image file types except animated GIFs (standard GIFs work fine). It looks like it's just taking one frame from the animation and loading it into the picturebox. I need to be able to load the entire animation. Does any of
  the code above cause the animation to be lost? Any ideas?

  There is an ImageAnimator so you may not need to use byte array instead.
  ImageAnimator.Animate Method
  http://msdn.microsoft.com/en-us/library/system.drawing.imageanimator.animate(v=vs.110).aspx
  chanmm
  chanmm