Add new certificate (cert) from local/internal intranet to your mac

Add a cert to your MacBook



You will be asked for your password to add this to the keychain.

  • downloads pem file
  • adds to trusted root certificates
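#!/bin/bash
if [ -z "$1" ]; then
  echo "provide a domain as an argument"
  exit 1
fi
d=$(date +%Y-%m-%d)
# The assignments of $f and $p are missing from this page; the paths below are assumed.
t=$(mktemp -d)
f="$t/$1.$d.cer"
p="$t/$1.$d.pem"
touch "$f"
touch "$p"
# path added -- brew openssl....
# echo 'export PATH="/usr/local/opt/openssl@1.1/bin:$PATH"' >> ~/.zshrc
# get pem file (-showcerts prints every certificate the server sends)
openssl s_client -showcerts -connect "$1:443" -servername "$1" </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "$p"
# convert to DER; openssl x509 reads only the first certificate in $p
openssl x509 -inform PEM -in "$p" -outform DER -out "$f"
#cat $f;exit;
echo "adding cert $f to trusted root certs"
# branch on the exit status of security, not on whether it printed anything
if sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "$f"; then
  echo "killing chrome to get the new certificate"
  #pkill -a -i "Google Chrome"
fi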
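
The script converts and trusts only the first certificate in the PEM file, without showing what it is. As an added example (not part of the original gist), these helpers separate the certificates that `-showcerts` returns and report what is about to be trusted; the function names and the sample input are constructed for illustration, and the trustRoot/trustAsRoot choice follows the distinction raised in the comments on this gist.

```bash
# Constructed stand-in for `openssl s_client -showcerts` output
# (the bodies are placeholders, not real certificates)
sample=' 0 s:CN = intranet.example.test
   i:CN = Example Internal CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----
 1 s:CN = Example Internal CA
   i:CN = Example Internal CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtSVNTVUVS
-----END CERTIFICATE-----'

# count_certs: how many PEM certificates arrive on stdin
count_certs() { grep -c -- '-----BEGIN CERTIFICATE-----'; }

# nth_cert N: print only the Nth certificate (1 = the server's own, sent first)
nth_cert() {
  awk -v want="$1" '
    /-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
    inside && n == want           { print }
    /-----END CERTIFICATE-----/   { inside = 0 }
  '
}

# describe_cert FILE: subject, issuer and SHA-256 fingerprint, to compare
# against a value obtained out of band before the certificate is trusted
describe_cert() {
  openssl x509 -in "$1" -noout -subject -issuer -fingerprint -sha256
}

# trust_setting FILE: trustRoot for a CA certificate, trustAsRoot otherwise
trust_setting() {
  if openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'; then
    echo trustRoot
  else
    echo trustAsRoot
  fi
}

# Offline demo on the constructed sample
echo "certificates in sample: $(printf '%s\n' "$sample" | count_certs)"
printf '%s\n' "$sample" | nth_cert 1
```

Against a live host, pipe the `s_client` output through `nth_cert` into the PEM file, run `describe_cert` on it, and pass the result of `trust_setting` to `-r` in place of the fixed `trustRoot`.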


@espoelstra espoelstra commented Nov 21, 2018

You may also want to add a 2>/dev/null before the pipe so that any warnings don't taint the certificates if some error happened to print between the BEGIN and END lines.

This script is fantastic, though it would be cool if it supported specifying whether to add a certificate to the System or the login keychain. It also appears that there is trustRoot for CA certificates and trustAsRoot for non-CA certs, so handling that could be useful as well.



@armando-couto armando-couto commented Sep 16, 2020

Thank you very much!
