My office recently brought up an instance of Office Communications Server 2007 R2. After connecting via my Windows 7 laptop I decided to try Microsoft Messenger on the Mac. It seems that Apple and MS cannot make anything simple. Adding the certificate not only required manually adding a keychain Apple seems to be phasing out, but the way Snow Leopard is configured, trying to add the cert simple produces an Error 100013 which is oh so descriptive.
The error is related to unix permissions. If you add a certificate to System and try to drag it to X509Anchors this becomes more apparent. The error message there states “UNIX[permission denied]“. In the interest in being complete, here is how I got my organization’s root certificate added for OCS 2007 R2. This might also be needed for Entourage.
- Open Keychain Access from Applications/Utilities.
- Go to File->Add Keychain.
- At this point you are in ~/Library/Keychains. Browse to /System/Library/Keychains and add X509Anchors.
- Right-click the newly added keychain and unlock it. The password is “X509Anchors”.
- Open Terminal.
- sudo chmod -R 777 /System/Library/Keychains (don’t worry, we’ll set it back)
- Double-click the certificate and add it to the X509Anchors keychain. I’ve read this need to be a Base64 cert.
- Go back to your terminal window. If you closed it, just open another.
- sudo chmod 755 /System/Library/Keychains (no -R this time as the files inside have different permissions)
- sudo chmod 644 /System/Library/Keychains/*
- Close Terminal and Keychain Access.
That’s it. In my case I was now able to sign into our OCS 2007 R2 server with MS Messenger 7.0.2. I was going to try the 8 beta but corporate logon is disable for that.