Ordinarily I wouldn't send reports of operating system bugs that pose
no security risk to this list, but I'm making an exception in this
case due to the following conditions:
1) There are a lot of Mac users in the NANOG community.
2) There is a preponderance of folks here who run their own CAs
3) CA software, particularly OpenSSL, is byzantine enough that
upon running into a problem, one is likely to think he is the
4) I just burned three evenings last week chasing this bug. I
don't have sufficient extra hair to be spending my evenings
tearing it out and you might not either.
Summary: MacOSX's keychain access application mishandles importing
root CA certs. This only happens under 10.5.7; other versions are
fine. There is a workaround using command line tools.
Details at http://support.apple.com/kb/TS2747