Monday, October 4, 2004

Importing self-signed certificates

I have been trying to read a rss feed on a secure web site with a self-signed certificate, but Shrook has been having a problem loading it. Shrook uses Apple's Web toolkit to do http communication, and it looks it will not load data from a site with a self-signed certificate, when the certificate is not loaded in the keychain. Here are the steps that I used to get it to work:

  1. Get the certificate from the web server (Instructions from macosxhints).
    • openssl s_client -connect servername:443 -showcerts

    • Then copy & paste the lines from "-----BEGIN CERTIFICATE-----"
      through "-----END CERTIFICATE-----" *inclusive* into a file with the .pem extension and save it
      (as plain text, of course).
  2. Import this certificate into the X509Anchors keychan in Keychain Access.