OSX wants to make changes. Type an administrator's name and password... Won't go away
from keychain, select your certification, change access control to "allow all applications to access this item"
Related videos on Youtube
Jake Wilson
Updated on September 18, 2022Comments
-
Jake Wilson over 1 year
I recently needed to add some SSL certificates to my Mac (OSX 10.10.5) in order connect to a remote service. The certificates are needed for 2 factor authentication.
I have full Admin rights in OSX. I am able to successfully add the certificates to the Keychain. I can go into the KeyChain app and set the certificate to Always Trust without issue.
When I attempt to make the connection (using Cyberduck for WebDAV in this case), I am asked to choose the proper certificate, and then I get this window:
So I enter my Username and Password, which DOES have full Admin rights. I click Allow and the window pops back up again, asking me for my Username and Password again. It doesn't seem to do anything. No errors or anything like that. Clicking "Deny" obviously tells the system I'm rejecting the certificate and it won't let me connect.
I can go directly into the KeyChain application and unlock and make all the changes I want, using my Username and Password (that has Admin rights). So why is this dialog not accepting my same Username and Password?
UPDATE
When putting in my Username and Password, and clicking "Allow" the system log reports:
Apr 22 10:05:15 my-computer.local Cyberduck[1621]: [background-1] ERROR ch.cyberduck.core.ssl.CertificateStoreX509KeyManager - Keystore not loaded Get Key failed: pad block corrupted Apr 22 10:05:16 my-computer.local com.apple.SecurityServer[87]: Problem opening rules file "/etc/authorization": No such file or directory
After some investigation, it appears that the
/etc/authorization
file was removed in Mavericks (OSX 10.9). So what is going on here exactly? Why is it trying to find this file that the OS should know isn't used anymore?-
Ramhound about 8 yearsIt sounds like the certificates were not added to the certificate store correctly. Your user obviously does not have permission to the System keychain, my suggestion, added the certificates to the user's keychain.
-
Jake Wilson about 8 yearsI do have full access to the System Keychain. I can unlock it and make changes in the Keychain application.
-
D Schlachter about 8 yearsYou might try looking at the
system.log
. I had an issue recently where a program was interfering with the Keychain (causing the prompts not to be trusted), and was getting appropriate error messages there. -
Jake Wilson about 8 yearsThe system log I think has some helpful info in it. See updated answer.
-
-
Jake Wilson about 8 yearsWhere exactly do you bring up that Window in the Keychain Access application?
-
Nikko almost 7 yearsTo answer Jake Wilson's question: double click on the certificate in the Keychain Access application.
-
Jake Toronto about 6 yearsHere's an answer with a few more details: superuser.com/a/1306894/280734
-
auspicious99 about 3 yearsWow, first time I ever knew there was this possibility! And it works! Thanks!
-
Sinjai about 3 yearsDouble-click the associated key – double-clicking the certificate only brings up trust info.