Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-5081: Mac does not accept 8192 bit certificates- Error -67762

Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:17 AM

Applies to: Centrify DirectControl On Mac OS X

Problem:
  • When attempting to deliver a certificate to the Mac OS X keychain via group policy, the certificate does not appear in the keychain.  
  • When attempting to manually import a certificate into the Mac OS X keychain, the import fails with: Error -67762


Cause:

By default, Mac OS X does not allow certificates that are 8192 bits long to be imported due to potential performance issues.


Resolution:

Manually allow longer certificates to be imported.
  1. Open up terminal.app located in /Applications/Utilities/Terminal.app
    • For OS X 10.9 and above, type the following command into Terminal and hit return:

      sudo defaults write /Library/Preferences/com.apple.security RSAMaxKeySize -int 8192
       
    • For OS X 10.8 and below, type the following command into Terminal and hit return:

      sudo defaults write /Library/Preferences/com.apple.crypto RSAMaxKeySize -int 8192
  2. ​Reboot the machine
  3. Try to import the certificate again. If the certificate is being delivered via Group Policy, an adgpupdate will need to be performed in the Terminal. 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.