Trust settings via the “security” command

[benfeea1]

I am making a package to to add some certificates to the X509Anchors keychain, and would like to automatically set them to “Always Trust”.
Is there a way to set the trust settings for a certificate via the command line?
The security command seems to only handle importing the cert into the keychain, but does not allow you to set the trust levels.
I am using the following command:

security add-trusted-cert -d -k “$3″/System/Library/Keychains/X509Anchors “$3″/private/tmp/JHUAPL_Certs/JHUAPLCert.cer

That command adds the cert, but it is set to “Never Trust”.
The man page touches on trust settings a bit, but I can’t seem make it work.

[Patrick Fergus]

I think I got this answer from post #2 here:

[url]https://www.afp548.com/forum/viewtopic.php?showtopic=18460[/url]

I can verify that it works when executed on the first startup of the machine. I visit an internally-signed website and it’s trusted.

[code]/usr/bin/security add-trusted-cert -d -r trustRoot -k “/Library/Keychains/System.keychain” /private/tmp/mycert.pem[/code]

I’m not sure whether you can point it at “$3″”/Library/Keychains/System.keychain”, adding it to a non-boot volume (in other words, making it part of a payload-free InstaDMG CustomPKG). Could work.

– Patrick

[Author]

Posts