OSX sslcacertfile and GMail (Basic help)

Lucien Pullen drurowin at gmail.com
Tue May 19 08:32:05 BST 2015


Also sprach Rainer M Krug on 2015-05-19:
> I don't have much knowledge of all these security issues, but as far as
> I know, the certificates are already in the keychain? Or are they there,
> because they have been downloaded by Safari browser before?

I don't use Safari, but on both computers I have access to Google's
intermediate CA is not present in the keychain... at least not the two
in /System/Library/Keychains/ (these correspond to the "System Roots" in
Keychain Access).  On both computers, my login keychain also doesn't
contain the CA.  I'm not sure about the other person's account (who does
use Safari).

Having to use Safari in order for the certificate to be present in the
keychain is not quite ideal, thus my question of having offlineimap take
care of fetching the dependent CA.

(From what I could tell, Certificate Assistant also could not
automatically resolve the missing certificate, so I believe that Safari
is installing it because it needs it, not because the security subsystem
is taking care of things.)




More information about the OfflineIMAP-project mailing list