On Sep 12, 2011, at 9:35 PM, David Emery wrote:

I got Verisign individual identity PKI certs that I had loaded into Keychain.app, and they were picked up by Keychain as "My Certs" supporting signed/encrypted emails. Then I had to reload my home account, and I tried reloading those certs. They will not show up as "My Certs" in Keychain, and that means that I can't decrypt emails sent to me using that cert (nor sign emails.)

Anyone got any ideas how to attack/address this problem? Apple Tech Support pretty much washed their hands of the problem.

David, Since "My Certificates" equates to "My Identities" are you sure you imported the .p12 wrapped identity or did you just load a cert ? Of course the Cert alone will not work, but if the Private key and the Certificate are not loaded at the same time, the hash of the related Cert can't be inserted into the attribute of the Private Key to maintain the association. Best thing to do.... Go to machine where Identity is correct. Export full identity (.p12) and then import into other machine.... -Shawn __________________________________________________ Shawn Geddis geddis@me.com Security Consulting Engineer geddis@apple.com MacOSForge Project Lead: Smart Card Services Web: http://smartcardservices.macosforge.org/ Lists: http://lists.macosforge.org/mailman/listinfo __________________________________________________