Apple released Safari today. Yay! It's a beta, so it's not feature-complete quite yet. One thing missing is that although Safari will check SSL certs on web sites to make sure they're signed by an approved CA, there's no UI for adjusting the list of trusted certificates.
The good news is that the set of approved CAs is managed in a System-wide Keychain file. It's in /System/Library/Keychains/X509Anchors. You can use certtool to add to this list easily. Just take the CA cert in PEM format and pull up a terminal window and type sudo certtool i cacertpemfile k=/System/Library/Keychains/X509Anchors. Simple as that.
This method no longer seems to work. Invoking "sudo certtool i k=/System/Library/Keychains/X509Anchors" results in the following error:
SecKeychainGetDLDBHandle returned -25294
Posted by: jtk at June 10, 2003 07:08 PMThis method no longer seems to work. Invoking "sudo certtool i <certfile.pem> k=/System/Library/Keychains/X509Anchors" results in the following error:
SecKeychainGetDLDBHandle returned -25294
Posted by: jtk at June 10, 2003 07:11 PM