Hi foks, Ordinarily I wouldn't send reports of operating system bugs that pose no security risk to this list, but I'm making an exception in this case due to the following conditions: 1) There are a lot of Mac users in the NANOG community. 2) There is a preponderance of folks here who run their own CAs 3) CA software, particularly OpenSSL, is byzantine enough that upon running into a problem, one is likely to think he is the faulty party. 4) I just burned three evenings last week chasing this bug. I don't have sufficient extra hair to be spending my evenings tearing it out and you might not either. Summary: MacOSX's keychain access application mishandles importing root CA certs. This only happens under 10.5.7; other versions are fine. There is a workaround using command line tools. Details at http://support.apple.com/kb/TS2747 -r