@Artistan
Last active March 11, 2024 21:12
Add new certificate (cert) from local/internal intranet to your mac

Add a cert to your MacBook

USAGE

~/add_cert.sh my.intra.net

You will be asked for your password to add this to the keychain.

  • downloads pem file
  • adds to trusted root certificates

#!/bin/zsh
#
# Fetch the certificate a host presents on port 443 and add it to the
# System keychain as a trusted root.
# NOTE: the certificate is trusted exactly as the server presents it; compare
# its fingerprint with a value obtained out of band before relying on it.
if [ -z "$1" ]; then
  echo "provide a domain as an argument"
  exit 1
fi
d=$(date +%Y-%m-%d)
p=~/"$1$d.pem"
f=~/"$1$d.cer"
touch "$f"
touch "$p"
# path added -- brew openssl....
# echo 'export PATH="/usr/local/opt/openssl@1.1/bin:$PATH"' >> ~/.zshrc
# get pem file (every certificate the server sends, its own certificate first)
openssl s_client -showcerts -connect "$1:443" -servername "$1" </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "$p"
# https://stackoverflow.com/questions/13732826/convert-pem-to-crt-and-key
# convert to DER; openssl x509 reads only the first certificate in the file
openssl x509 -inform PEM -in "$p" -outform DER -out "$f"
#cat $f;exit;
# https://github.com/laravel/homestead/pull/773
# https://stackoverflow.com/questions/45263265/use-ssl-on-laravel-homestead
# https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/
echo "adding cert $f to trusted root certs"
# test the exit status of security, not whether it printed anything
if sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "$f"
then
  echo "killing chrome to get the new certificate"
  #pkill -a -i "Google Chrome"
fi

@espoelstra

You may also want to add a 2>/dev/null before the pipe so that any warnings don't taint the certificates if some error happened to print between the BEGIN and END lines.

This script is fantastic, though it would be cool if it supported specifying whether to add a certificate to the System or the login keychain. It also appears that there is trustRoot for CA certificates and trustAsRoot for non-CA certs, so handling that could be useful as well.
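
Added example, not part of the gist or of the comments: a fingerprint check to run before the `add-trusted-cert` step of the script, together with the `trustRoot` / `trustAsRoot` choice raised in the comment above. The function names and the out-of-band expected fingerprint are assumptions made for illustration.

```shell
# Added example; function names are hypothetical. Runs in sh, bash and zsh.

# Keep only the first PEM block (the server's own certificate) from
# `openssl s_client -showcerts` output; text around it is dropped.
first_pem_cert() {
  awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
       on { print }
       /-----END CERTIFICATE-----/ { if (on) exit }'
}

# Reduce "sha256 Fingerprint=AB:CD:..." or a bare hex string to uppercase hex.
normalize_fp() {
  printf '%s' "$1" | sed -e 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Succeed only if both values are the same 64-hex-digit SHA-256 fingerprint.
fingerprints_match() {
  a=$(normalize_fp "$1"); b=$(normalize_fp "$2")
  case "$a" in ''|*[!0-9A-F]*) return 1 ;; esac
  [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# Read `openssl x509 -noout -text` output on stdin and print the -r value for
# `security add-trusted-cert`: trustRoot for a CA, trustAsRoot otherwise.
trust_mode_for() {
  if grep -A1 'X509v3 Basic Constraints' | grep -q 'CA:TRUE'
  then echo trustRoot; else echo trustAsRoot; fi
}

# Usage: fetch_and_check HOST EXPECTED_SHA256 OUT.pem
# EXPECTED_SHA256 is obtained out of band (assumption: from the server's admin).
# Prints the trust mode on success; returns 1 and prints no mode on a mismatch.
fetch_and_check() {
  host=$1; expected=$2; out=$3
  openssl s_client -showcerts -connect "$host:443" -servername "$host" \
    </dev/null 2>/dev/null | first_pem_cert > "$out" || return 1
  actual=$(openssl x509 -in "$out" -noout -fingerprint -sha256) || return 1
  if ! fingerprints_match "$actual" "$expected"; then
    echo "fingerprint mismatch for $host: got $actual" >&2
    return 1
  fi
  openssl x509 -in "$out" -noout -text | trust_mode_for
}
# mode=$(fetch_and_check my.intra.net "$EXPECTED" ~/my.intra.net.pem) &&
#   sudo security add-trusted-cert -d -r "$mode" -k /Library/Keychains/System.keychain ~/my.intra.net.pem
```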

@armando-couto

Thank you very much!
