I recently needed to add some SSL certificates to my Mac (OSX 10.10.5) in order connect to a remote service. The certificates are needed for 2 factor authentication.
I have full Admin rights in OSX. I am able to successfully add the certificates to the Keychain. I can go into the KeyChain app and set the certificate to Always Trust without issue.
When I attempt to make the connection (using Cyberduck for WebDAV in this case), I am asked to choose the proper certificate, and then I get this window:
So I enter my Username and Password, which DOES have full Admin rights. I click Allow and the window pops back up again, asking me for my Username and Password again. It doesn't seem to do anything. No errors or anything like that. Clicking "Deny" obviously tells the system I'm rejecting the certificate and it won't let me connect.
I can go directly into the KeyChain application and unlock and make all the changes I want, using my Username and Password (that has Admin rights). So why is this dialog not accepting my same Username and Password?
UPDATE
When putting in my Username and Password, and clicking "Allow" the system log reports:
Apr 22 10:05:15 my-computer.local Cyberduck[1621]: [background-1] ERROR ch.cyberduck.core.ssl.CertificateStoreX509KeyManager - Keystore not loaded Get Key failed: pad block corrupted
Apr 22 10:05:16 my-computer.local com.apple.SecurityServer[87]: Problem opening rules file "/etc/authorization": No such file or directory
After some investigation, it appears that the /etc/authorization file was removed in Mavericks (OSX 10.9). So what is going on here exactly? Why is it trying to find this file that the OS should know isn't used anymore?
Best Answer
from keychain, select your certification, change access control to "allow all applications to access this item"