Importing Your UH ITS Telecom Certificate into Apple Macintosh OS X Tiger


This is the very first draft of this document. There may be mistakes, omissions, and lapses of clarity throughout. If you're not an experienced Mac OS X administrator, I suggest that you follow these procedures exactly as they are described. Actually, if you're an experienced Mac OS X administrator, I suggest you follow them anyways.



These instructions will guide you through importing your certificate into Apple Macintosh OS X Tiger as a machine certificate.

If you do not have a certificate issued by the ITS Telecom Certificate Authority, then you can get one here.

If you have received your certificate by email, but you have not saved the attachment to a folder on your Mac, please do this before continuing. Your Documents directory is a good place to put it for the moment.

Also, you will need the passphrase that you entered on the web form when you requested the certificate. If you do not have it handy, locate it before proceeding.

If you have forgotten or misplaced your passphrase, then email Alan Whinery at whinery@hawaii.edu and explain your predicament. Then you may go to the request form again and make another request. You do not need to wait for a response from Alan before you submit another request. This will cause your old certificate to be revoked, and a new certificate will be issued.


Steps In This Procedure
Step 1: Open the iTerm Application
Step 2: Run A Privileged Keychain Access
Step 3: Unlock the System Keychain
Step 4: Import your certificate into the System Keychain
Step 5: Move the CA Certificate into the X509Anchors keychain
Step 6: Quit Keychain Access and iTerm


Pre-step i: You will need an account with administrative privileges to perform this procedure. If you are not sure whether your account has administrative privileges, see this page.

Pre-step ii: The version of Mac OS X that your Mac is running needs to be at least 10.4 for this procedure to work. If you are not sure what version of Mac OS X is running on your Mac, see this page.

Step 1: Open the iTerm Application

  • Click on "Finder" in the dock at the bottom of the screen

  • The Finder main window will open. Select Applications from the pane on the left.

  • Scroll the list in the right pane until the iTerm application is visible. Double-click on iTerm to run it. The iTerm Window will appear.

Step 2: Run A Privileged Keychain Access

  • The following command needs to be typed into the iTerm window, exactly as it appears. You may cut and paste, as long as you are careful to ensure that the entire command, including the quotes, appears in the iTerm window before proceeding.

    The line to enter is:

    sudo "/Applications/Utilities/Keychain Access.app/Contents/MacOS/Keychain Access"

  • Execute the command by hitting the return (enter) key. A password prompt will appear in the iTerm window. The password that you need to enter is the password for the account on this Macintosh that you are using to perform this procedure.

  • After your password is accepted, the Keychain Access application will start.

    Note: If Keychain Access does not start, and there is a message which says "username is not in the sudoers file. This incident will be reported", then the account you are using does not have administrative privileges. You will need access to an account with administrative privileges before you can proceed.

Step 3: Unlock the System Keychain

    Note: Once the System Keychain is unlocked, it will lock itself again, automatically, if you get interrupted and don't do anything with the Keychain Access application for a few minutes. If this happens, just start this step over from this point.

  • The Keychain Access window should be open.

  • Click on the "Show Keychains" button in the lower left corner of the Keychain Access window.

  • Select the System keychain in the pane on the upper left.

  • Now click on the locked padlock above the keychain list. An "Authenticate" window will pop up requesting the account password.

  • When the password is accepted, you will hear an "unlocking noise" and the padlock that you just clicked will open, along with three smaller padlocks below it.

Step 4: Import your certificate into the System Keychain

  • Click File in the menu bar at the top of the screen. Drag down and select the Import menu item.

  • A file selection dialogue window will open. Navigate to the saved certificate file and select it. The file will have a name like user@hawaii.edu.p12. Click Open.

  • An "Authenticate" window will open, asking for your certificate password. This is the password (also called "passphrase") that you entered on the certificate request form when you requested your certificate. Enter the password, and click the OK button.

Step 5: Move the CA Certificate into the X509Anchors keychain

  • When the password is accepted, three new entries will appear in the lower-right pane, which represents the contents of the System keychain. One will have a name similar to "user@hawaii.edu"; another, your private key, will have a name made up of seemingly arbitrary letters and numbers; and the third will be a certificate called "Telecom".

    Note: If you select either one of the new certificates in the lower right pane, the upper right pane will display a scary red message telling you that there's something wrong. (...) Ignore these red messages for the moment.

  • Click on the "Telecom" entry in the lower-right pane, drag it over the "X509Anchors" entry in the upper left pane, and drop it there.

Step 6: Quit Keychain Access and iTerm

  • Click Keychain Access in the menu bar at the top of the screen. Drag down and select the Quit Keychain Access menu item.

  • You can also quit iTerm: Select the iTerm icon in the Dock at the bottom of the screen, then select the iTerm menu in the menu bar at the top of the screen, and drag down to select Quit iTerm.

  • The certificate import procedure is complete!
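
A check that can be run in the iTerm window before Step 4, as an added example that is not part of the original procedure: it confirms that the passphrase opens the saved .p12 file, that the bundle holds the two certificates and one private key described in Step 5, and prints the identity of the CA certificate that Step 5 places among the trusted anchors. It assumes the openssl command is available; the function names, the P12_PASS variable and the sample bundle are constructed for this example.

```sh
#!/bin/sh
# Added example, not part of the original procedure.
# The passphrase is read from the P12_PASS environment variable so that it
# does not appear in the process list. Usage, with the file from Step 4:
#   P12_PASS='...'; export P12_PASS
#   p12_cert_count "$HOME/Documents/user@hawaii.edu.p12"

# Number of certificates in the bundle (Step 5 expects 2: yours and the CA's).
p12_cert_count() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Number of private keys (expect 1). The key is re-encrypted on output,
# so it never leaves openssl in the clear.
p12_key_count() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -passout env:P12_PASS \
        -nocerts 2>/dev/null | grep -c 'BEGIN.*PRIVATE KEY'
}

# Subject and SHA-1 fingerprint of the CA certificate, i.e. the entry that
# Step 5 moves into the X509Anchors keychain.
p12_ca_identity() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -cacerts -nokeys 2>/dev/null |
        openssl x509 -noout -subject -fingerprint -sha1
}

# Constructed sample input: a throwaway CA ("Sample CA") and user certificate
# bundled the same way, written to directory $1 as sample.p12.
make_sample_p12() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Sample CA' \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj '/CN=user@example.org' \
        -keyout "$d/u.key" -out "$d/u.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/u.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/u.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/u.key" -in "$d/u.crt" \
        -certfile "$d/ca.crt" -passout env:P12_PASS -out "$d/sample.p12"
}
```

A certificate count of 0 means the passphrase was rejected or the file is not a PKCS#12 bundle.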