This Certificate is not in the trusted root database? - Technology Forum - Home Theater, Computer, Televisions, Personal Electronics and more!

nikkey · 08-07-2006, 11:57 AM

I have a root cert authority and underneath the name it has this alert in red:

This certificate is not in the trusted root database

It's a FileVault Recovery Key cert.

I haven't turned on FileVault but I did create a Master Password in System Preferences>Security.

Could I have some advice on this matter please?

drakula · 08-07-2006, 11:58 AM

Could I please have some advice on this, what's the trusted root database and why is this certificate not there and for the matter where exactly is it?

diamondd · 08-07-2006, 11:58 AM

Certs are managed in the Keychain Access app (10.4)

nikkey · 08-07-2006, 11:58 AM

If I launch Keychain Access app, the column to the left is titled Keychains, and has 4 padlocks named:

1 Login
2 FileVaultMaster
3 System
4 X509Anchors

If I click on FileVaultMaster in the left column, 2 entries appear in the big box to the right:

FileVault Master Password Key
FileVault Recovery Key

The first entry is a private key and the second is a certificate. It is this certificate that gives the error in red that I mention in post #1.

I now need to know if I really need this misplaced certificate and if I should delete it or how do I get it to the "Trusted Root Database"??

drakula · 08-07-2006, 11:59 AM

many thanks macswork,

Keychain first aid found no errors and I was unsure when the Certificate Assistant asked me to select the Appropriate trust policy:

s/mime
ssl
generic apple x509

I chose the 3rd choice and then got stuck on the next window that asked me to specify certs to be viewed and evaluated?

I didn't know what to do in this window....

diamondd · 08-07-2006, 11:59 AM

try Keychain First Aid.

If you enabled File Vault I would disable it before trying to delete any certs that reference it. There is also a cert setup assistant in Keychain Access that might allow you to either sign the problem cert or accept it as trusted.

nikkey · 08-07-2006, 11:59 AM

The bottom line is that the cert created on your computer by your computer is not in the trusted root database because you are not a trusted cert issuer. You can however issue certs that are not trusted and change the settings that your system uses to react to specific certs.

Double click the cert and scroll to the bottom. Expand the trust settings. Change settings to always trust if you like. But that is not needed for you on your own system because you issued it to yourself.

If you were creating a secure https website and wanted to issue your own certs for certain people to access your site it would not show up on their computer as a trusted cert. They could do the same thing on their end to not be warned when using a non trusted cert.

You have no worries. Continue smelling the flowers.