One of the changes in OS X 10.5 Leopard is that the X509Anchors keychain is no longer installed by default. This is a problem because a lot of Microsoft applications for the Mac depend on this keychain for their certificate authentication. They check the X509 keychain for a certificate and, when it doesn’t exist, they fail to authenticate. The annoying part is that the application doesn’t even include an appropriate error message. Instead of something logical like "the certificate is not valid or trusted", the user gets an error saying that their sign-in name or password is incorrect. Fortunately there’s a workaround: you can add this keychain back to make it functional again.
- Open Keychain Access (Using Spotlight to search for it is probably easiest)
- Click File > Add Keychain
- Browse to Macintosh HD | System | Library | Keychains and select the X509Anchors keychain. Press Open.
- Now select the X509 keychain in the Keychain Access window and drag all of the certificates you need onto this window. You should be prompted for your admin credentials.
- Now you’ll see a window asking which keychain you want to install the certificates to. Choose X509Anchors and press OK.
- Once your certificates are installed, try signing in again. This time it should succeed!
January 28th, 2008 at 3:16 am
It did not work for me: I could open the X509Anchors but it would not accept my usual password(s). Neither my login password nor any other I can remember. I wonder if I could delete this file and recreate it, with a new password.
January 28th, 2008 at 3:20 am
Whew! I found the solution!
The last item (#5) on this page is what I had to do - this time, no password was required, and now Entourage accepts my self-signed certificate again.
http://www.entourage.mvps.org/faq_topic/leopard.html
January 30th, 2008 at 1:47 pm
Thomas, were you trying to unlock the keychain prior to dragging the certificates onto it? You won’t ever actually be able to unlock the keychain, but if you try to drag some certs onto it, you should be prompted for your system credentials which will be accepted.
February 13th, 2008 at 4:28 pm
I have been trying to get this working from Leopard messenger 6.0.3 to connect to OCS 2007 but no luck. Has anyone managed to get it working?
May 7th, 2008 at 3:41 pm
Having serious difficulty with this. I think I have deleted the X509 keychain, as I can't find it on my computer in Library/Keychains. Can I get a new one anywhere?
June 2nd, 2008 at 5:29 pm
Interestingly, I found I could unlock the X509Anchors keychain - on a whim I tried the password ‘X509Anchors’ and it worked. Imagine that.
But, alas, even getting the certs into the keychain didn’t solve this problem for me.