Hi everyone. I’m having trouble understanding how to use the Keynote App DNS server, which is come.apple.keynote.peer….. I’m also curious about why the certificate for the Keynote DNS issued by Apple Inc. isn’t trusted my Keychain Access. Any insights or help would be greatly appreciated!
Mac Pro (2019)
I think you're misinterpreting what you're seeing.
You say Keynote App DNS, but this has nothing to do with DNS. It's an SSL certificate. It's used to secure network communication between two devices.
In this particular case, Keynote supports remote control on an iPhone (you can use an iPhone as a remote to manage a presentation running on your Mac). I'm assuming this SSL certificate is used to manage that connection.
In the case of SSL certificates, the 'untrusted' nature means that no third-party Certificate Authority has validated the certificate's authenticity and will vouch for the owner.
That's because a) the only people who would ever use this certificate are you (on your Mac) and you (on your iPhone or other iOS device); and b) no one else cares, and even if they did, it would likely take them longer to compromise the certificate than your presentation lasts. Besides, the extent of the damage they could cause would be to jump to a slide out of order.
Since, for the purposes of controlling a Keynote presentation, you're probably OK vouching for yourself, no CA needs to get involved, and therefore no trust relationship with a CA exists. Oh, and trusted certificates cost money... do you really want to pay just to run Keynote Remote?
Sure, if you're running apple.com, you want a trusted certificate on your web site so that no one else can say they're Apple, but for personal use, untrusted is fine.
key
This explains a lot. I had the notion that the entire keychain needs to be all trusted, but the examples you provided clarify the logic. My next question was going to be about how to find CAs to sign, but I think you answered it; by paying. Thank you.
There are many CAs that you can get your own SSL certificate from, with various hoops you have to jump through - the CA is putting their name and reputation on the line by honoring your certificate, so they're going to want to know something about you in return :)
Some of the known players (there are many) include DigiSign, VeriSign (now part of Symantec), and LetsEncrypt (the latter offering free SSL certificates with a goal of moving the world to HTTPS instead of HTTP by lowering the cost overheads)
In this particular case, though, even if you did get a personal SSL certificate, I'm not sure how you'd integrate it into Keynote or tell it to use your certificate over its own. There's no interface for this.
I see. I was referring to a business plan with emails, domain, and printing. Nonetheless, we are on the same page. Thank you again for taking the time with the discussion.
Keynote DNS and Keychain Access Certificate
