Posted on 04-27-2020 05:20 AM
I found jamf invaluable for helping me get this issue figured out... actually kind of excited about being involved as I find out more about what this community is about.
I do a lot of product testing and apparently one of our Chrome policies prohibits Chrome from automating the process of downloading and activating invalid certificates. So I've been trying to find a way to make this happen for a whole directory full of *.cer files because we use self-signed certs for the initial configuration of our products and I end up with a few of them as I am testing multiple interactive products at once. After a TON of researching the little-discussed /usr/bin/security CLI, I managed to come up with this that adds them to the admin keychain in a fully trusted configuration! SWEET!!
find . -name '*.cer' -exec sudo security -v add-trusted-cert -r trustRoot -d -k /Library/Keychains/System.keychain ./{} \;
There's a couple key issues here...
1. -name '*.cer' has to be in quotes or {} tries to evaluate it before accessing the file and will fail with an invalid symbol error
2. -r trustRoot NOT -r trustAsRoot or you'll get the dreaded SecTrustSettingsSetTrustSettings error
3. security -v is helpful to ensure they've all been processed and show the commandline that was run, otherwise you get no output
You guys are the bomb, and I hope that being able to add this to the discussion helps someone who wants the lazy man's way to install a whole directory full of browser certs into the Keychain at once!
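
A review-first variant of the one-liner above, added here as an example and not part of the original post: it prints each certificate's subject and SHA-256 fingerprint, skips files that do not parse as X.509, and only calls security when APPLY=1 is set. The names describe_cert, trust_dir and APPLY are made up for this example; it assumes openssl is on the PATH and looks only at the top level of the directory rather than recursing.

```sh
#!/bin/sh
# Added example: inspect certificates before trusting them system-wide.
KEYCHAIN=/Library/Keychains/System.keychain   # keychain path from the post

# describe_cert FILE: print subject and SHA-256 fingerprint, or fail if FILE
# does not parse as an X.509 certificate (DER is tried first, then PEM).
describe_cert() {
  for form in DER PEM; do
    if openssl x509 -inform "$form" -in "$1" -noout \
         -subject -fingerprint -sha256 2>/dev/null; then
      return 0
    fi
  done
  return 1
}

# trust_dir DIR: review every *.cer directly inside DIR (no recursion).
# Dry run by default; set APPLY=1 to really add the certificates.
trust_dir() {
  dir=${1:-.}
  count=0
  for f in "$dir"/*.cer; do
    [ -f "$f" ] || continue      # unmatched glob, or not a regular file
    echo "== $f"
    if ! describe_cert "$f"; then
      echo "SKIP: not a parseable certificate"
      continue
    fi
    if [ "${APPLY:-0}" = 1 ]; then
      # Same flags as the post; quoting "$f" keeps odd file names intact.
      sudo security -v add-trusted-cert -r trustRoot -d \
        -k "$KEYCHAIN" "$f" || return 1
    else
      echo "DRY RUN: security -v add-trusted-cert -r trustRoot -d -k $KEYCHAIN \"$f\""
    fi
    count=$((count + 1))
  done
  echo "$count certificate(s) accepted"
}

# Run only when a directory is given, e.g.  sh trust_dir.sh ./certs
if [ "$#" -gt 0 ]; then
  trust_dir "$1"
fi
```

Compare the printed fingerprints against the ones shown by the devices under test before re-running with APPLY=1.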