Trust settings via the “security” command

    #371854
    benfeea1
    Participant

    I am making a package to add some certificates to the X509Anchors keychain, and would like to automatically set them to “Always Trust”.
    Is there a way to set the trust settings for a certificate via the command line?
    The security command seems to only handle importing the cert into the keychain, but does not allow you to set the trust levels.
    I am using the following command:

    security add-trusted-cert -d -k "$3"/System/Library/Keychains/X509Anchors "$3"/private/tmp/JHUAPL_Certs/JHUAPLCert.cer

    That command adds the cert, but it is set to “Never Trust”.
    The man page touches on trust settings a bit, but I can’t seem to make it work.

    #371873
    Patrick Fergus
    Participant

    I think I got this answer from post #2 here:

    [url]https://www.afp548.com/forum/viewtopic.php?showtopic=18460[/url]

    I can verify that it works when executed on the first startup of the machine. I visit an internally-signed website and it’s trusted.

    [code]/usr/bin/security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" /private/tmp/mycert.pem[/code]

    I’m not sure whether you can point it at "$3""/Library/Keychains/System.keychain", adding it to a non-boot volume (in other words, making it part of a payload-free InstaDMG CustomPKG). Could work.

    – Patrick
