What is Unrecognized leaf certificate?

Asked by AndrewJenkins in SQL Server, asked on Dec 2, 2021

Every 15 minutes or so I get this message in my system.log

Apr 25 22:05:36 Ivans-MacBook-Pro.local apsd[194]: Unrecognized leaf certificate
Apr 25 22:20:57 Ivans-MacBook-Pro.local apsd[194]: Unrecognized leaf certificate

Now I have figured out approximately what is what:

apsd - Apple Push Notification Service Daemon

Leaf certificate - The first certificate in the certificate chain (not sure, mentioned on some Microsoft site)

But what does it mean? How serious is it? What exactly is the leaf certificate? Do I have a false/bogus certificate on my system? It's a pretty clean Mac OS X Mavericks 10.9.2 install, only a few apps from the official Mac App Store installed (Xcode and a few other coding editors).

Answered by Angela Baker

A "leaf certificate" is what is more commonly known as an end-entity certificate. Certificates come in chains, starting with the root CA, each certificate being the CA which issued (signed) the next one. The last certificate is the non-CA certificate which contains the public key you actually want to use. If the PKI is represented as a tree, with the root CA as, yeah, the root, then end-entity certificates are the leaves.

The Apple Push Notification Service is a system in which a component of your system connects back to Apple to get "notifications" (small messages related to your installed applications). From the messages you observe, it is plausible that the connection uses SSL, and the server certificate (on the Apple side of things) was recently changed, and (for some reason) does not make apsd happy.

Some Google searches show that other people get these messages, and don't seem to notice any bad consequence. This might be a consequence of some dysfunction at Apple's, and could possibly fix itself in a few hours. To be sure, try to run Wireshark to see if you could get a copy of the network traffic: if there indeed is some SSL, then Wireshark will show it, and you will get a copy of the offending certificate.

Leaf certificate about to expire!

Symptom: Leaf certificate with alias name X is about to expire on Y. Once the certificate is expired, communication with managed devices and external servers will be impacted. This alert is new starting with HPE OneView 4.0.

ID: Alerts.CertificateStatus.AboutToExpire
Severity: Warning
Health Category: Certificate management
Resource URI: /rest/certificates/servers/{aliasname}

Action: Delete the expiring certificate from the appliance. Generate a new certificate and add the new certificate to the appliance using the same alias name.
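The chain structure described in the answer and the about-to-expire check from the alert, as an added example (not part of the original answer and not HPE OneView code): it orders an unsorted certificate bundle from root to leaf and classifies the leaf's expiry. The certificate records, names, dates and the 30-day warning window are constructed assumptions; real code would read these fields from parsed X.509 certificates.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample bundle, deliberately out of order (names/dates made up).
# Real code would fill these fields from parsed X.509 certificates.
BUNDLE = [
    {"subject": "CN=push.example.test", "issuer": "CN=Example Issuing CA",
     "is_ca": False, "not_after": datetime(2024, 3, 10, tzinfo=timezone.utc)},
    {"subject": "CN=Example Root CA", "issuer": "CN=Example Root CA",
     "is_ca": True, "not_after": datetime(2035, 1, 1, tzinfo=timezone.utc)},
    {"subject": "CN=Example Issuing CA", "issuer": "CN=Example Root CA",
     "is_ca": True, "not_after": datetime(2029, 1, 1, tzinfo=timezone.utc)},
]


def order_chain(certs):
    """Order certs root -> ... -> leaf; ValueError if not one unbroken chain."""
    roots = [c for c in certs if c["subject"] == c["issuer"]]
    if len(roots) != 1:
        raise ValueError("expected exactly one self-signed root")
    chain = [roots[0]]
    remaining = [c for c in certs if c is not roots[0]]
    while remaining:
        parent = chain[-1]
        issued = [c for c in remaining if c["issuer"] == parent["subject"]]
        if len(issued) != 1:
            raise ValueError("chain breaks or branches at " + parent["subject"])
        if not parent["is_ca"]:
            raise ValueError("non-CA certificate used as issuer")
        chain.append(issued[0])
        remaining.remove(issued[0])
    return chain


def leaf_of(certs):
    """The leaf (end-entity) certificate: last in the chain and not a CA."""
    leaf = order_chain(certs)[-1]
    if leaf["is_ca"]:
        raise ValueError("bundle ends in a CA certificate; no leaf present")
    return leaf


def expiry_status(cert, now, warn_days=30):
    """Return 'expired', 'about_to_expire' or 'ok' (30 days is an assumption)."""
    if now >= cert["not_after"]:
        return "expired"
    if cert["not_after"] - now <= timedelta(days=warn_days):
        return "about_to_expire"
    return "ok"
```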


