LCS 2005 & Messenger for the Mac on Leopard

One of the changes with OS X 10.5 Leopard is the lack of the X509Anchors keychain being installed by default. The problem this creates is that a lot of Microsoft applications for the Mac depend on this keychain for their certificate authentication. They check the X509 keychain for a certificate and when it doesn’t exist, they fail to authenticate. The annoying part here is that the application doesn’t even have appropriate error messages included. Instead of something logical like the "the certificate is not valid or trusted" the user gets an error that their sign-in name or password is incorrect. Fortunately there’s a workaround and you can add this keychain back to make it functional again.

  1. Open Keychain Access (Using Spotlight to search for it is probably easiest)
  2. Click File > Add Keychain
  3. Browse to Machintosh HD | System | Library | Keychains and select the X509Anchors keychain. Press Open.
  4. Now select the X509 keychain in the Keychain Access window and drag all of the certificates you need onto this window. You should be prompted for your admin credentials.
  5. Now you’ll see a window asking which keychain you want to install the certificates to. Choose X509Anchors and press OK.
  6. Once your certificates are installed, try signing in again. This time it should succeed!

Peanut Gallery

  1. 1 Thomas

    It did not work for me: I could open the X509Anchors but it would not accept my usual password(s). Neither my login password nor any other I can remember. I wonder if I could delete this file and recreate it, with a new password.

     
  2. 2 Thomas

    Whew! I found the solution!

    The last item (#5) on this page is what I had to do – this time, no password was required, and now Entourage accepts my self-signed certificate again.

    http://www.entourage.mvps.org/faq_topic/leopard.html

     
  3. 3 Tom

    Thomas, were you trying to unlock the keychain prior to dragging the certificates onto it? You won’t ever actually be able to unlock the keychain, but if you try to drag some certs onto it, you should be prompted for your system credentials which will be accepted.

     
  4. 4 Dave

    I have been trying to get this working from Leopard messenger 6.0.3 to connect to OCS 2007 but no luck. Has anyone managed to get it working?

     
  5. 5 adam

    having serious difficulty with this.. i think i have deleted the x509 keychain, as i cant find it on my computer in library/keychains. cani get a new one anywhere?

     
  6. 6 Bob

    Interestingly, I found I could unlock the X509Anchors keychain – on a whim I tried the password ‘X509Anchors’ and it worked. Imagine that.

    But, alas, even getting the certs into the keychain didn’t solve this problem for me.

     
  7. 7 Egeste

    @ Dave: Messenger:mac 6.0.3 is not compatible w/ OCS 2007. Upgrade to Messenger:mac 7

    @ Author: Thank you for this information.

     
  8. 8 Rahul

    Where can I retrieve the certificate to install into the Keychain. I have communicator working on my windows machine. I am not the LCS/OCS server admin, so how do I get the certificate?

     
  9. 10 J-W

    I have the same question as Rahul. Is there a solution yet?

     
  10. 11 Vitaly

    I cannot copy any of certificates X509Anchors. System shows following error: “Could not write to the file. It may have been opened with insufficient access.”

     
  11. 12 Anna

    @Tom & Thomas, could you guys help me?

    Managed to unlock the X509Anchors but when dragging messenger onto it it says: An error has occurred. Unable to add an item to the current keychain.

    ????

     
  12. 13 scott

    Same question as Rahul and J-W.

     
  13. 14 Scott

    I also had the same problem and used Microsoft Cert Manager to install the root certificate. My IT admin gave it to me in a p7b bundle. I imported the two certificates, one was the root I believe, and in keychain access I had to set them both to ALWAYS TRUST.

    Worked instantly after that with no issues.

     
  14. 15 Andrew

    When I drag the X509Anchors Certificate onto this window, they just fly back to where I dragged them from????

     
  15. 16 Farak

    I don’t understand step 4. the X509Anchors keychain already contains lots of certificates. Do I drag these somewhere?

     
  16. 17 Nathan

    Hi guys, just where do I find the msn messenger certificate to drag INTO the X509Anchors listing?

     
  17. 18 Steve

    Thanks Tom,

    Worked a treat.

    ‘New Keychain’ -> Root>System>Library>Keychains>X509Anchors ‘Import Item’ -> Root Cert aka. login chain

     
  18. 19 Push

    Terminal: sudo /Applications/Utilities/Keychain\ Access.app/Contents/MacOS/Keychain\ Access

    Then you make the KeyChain running by root user, and you will have all permission.

     

Speak Up