Hey, time for my yearly blog post.
If your iMessages aren’t being received and are not going out from your Mac, and if your FaceTime isn’t working at all on your Mac, and you are noticing “apsd: Root certificate is not explicitly trusted” errors in the console, and you don’t see Entrust certificates in your System keychain, and you’d rather not wade through a bunch of blather, skip down to a possible solution.
Yeah, so one day I flipped on my Mac and over the course of a half hour noticed that something had gone awry in my keychain, specifically with certificates. Certain apps could not log into their remote server, but the most annoying thing to me was iMessages stopped working with the Messages app.
I get text messages frequently from friends, family and colleagues, most of them owning iPhones. With the Messages app on OSX you can add your iMessage account(s) to the app and send/receive those iMessages on your computer as well as your other iThings. It’s downright handy while you’re working to not have to pick up your iThing to interact with your dad who wants advice on a fabulous offer from a Nigerian businessman.
Okay, so what was happening is that Messages would not receive any iMessage sent to it and, conversely, when I tried to send one it would think about it for a bit before giving me the little red exclamation point.
So I sleuthed around in the console app and notice this happening a lot:
Much googling too place and I ended up on winding roads through the techno-babble wheat fields of the internet. This is what I did that finally resolved the issue:
- Go here: https://www.entrust.net/downloads/root_index.cfm. You may get a message in your browser that the site isn’t trusted and blah blah blah. Live dangerously!1 Seriously, there is something hosed with their certificate:
Beats me, but Apple uses them.
- You’ll be presented with a form containing two radio buttons:
I don’t know if it makes any difference but I chose the first one and clicked the download button.
- Now you’ll be presented with a list of certificate options:
Select the first option (Root Certificates).
- You’ll be presented with a handful of text boxes containing unreadable stuff. Above each of those boxes is link to download that unreadable stuff. Find the one named "Entrust.net Certification Authority (2048)” (should be the second option) and click the download link with the “cer” extension.
- Open the Keychain app on your computer. Note that with a handful of the following steps you may be prompted to enter your credentials one or more times. Live dangerously!
- Click the System Keychain in the upper left of the window.
- Go to File, Import Items.
- Navigate your way to the cer file you just downloaded. Select it and import it.
- Click on Certificates in the bottom left of the window.
- You should see the certificate you just imported. YOU ARE ALMOST DONE.
- Right click on the Entrust certificate and choose Get Info.
- At the next window expand the “Trust” section at the top. You’ll be presented with a bunch of dropdowns.
- The first dropdown is labeled “When using this certificate”. Click the dropdown and select “Always Trust”. Close the window.
- Now your certificate should have a little blue cross on it:
- You are done. Beer yourself.
- Of course, any harm done to your or your computer up to and including and exceeding the pwnage of your network(s), your neighbor’s networks, and the entire power grid within a 1.5AU radius of your computer is solely your responsibility. Live dangerously, responsibly.