Add new certificate (cert) from local/internal intranet to your mac

Add a cert to your MacBook

USAGE

~/add_cert.sh my.intra.net

You will be asked for your password (sudo) to add the certificate to the System keychain. The script:

  • downloads the certificate the host presents on port 443 as a PEM file
  • converts it to DER and adds it to the trusted root certificates
#!/bin/zsh
#
# Fetch the certificate a host presents on :443 and add it to the System
# keychain as a trusted root. Usage: ~/add_cert.sh my.intra.net
if [ -z "$1" ]; then
  echo "provide a domain as an argument" >&2
  exit 1
fi
d=$(date +%Y-%m-%d)
p="$HOME/$1$d.pem"
f="$HOME/$1$d.cer"
# path added -- brew openssl.... (uncomment if the system openssl is too old)
# echo 'export PATH="/usr/local/opt/openssl@1.1/bin:$PATH"' >> ~/.zshrc
# get pem file: -showcerts prints the whole chain the server sends; stderr is
# discarded so that warnings cannot land between the BEGIN/END markers
openssl s_client -showcerts -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
  | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "$p"
if [ ! -s "$p" ]; then
  echo "no certificate received from $1" >&2
  exit 1
fi
# https://stackoverflow.com/questions/13732826/convert-pem-to-crt-and-key
# note: x509 reads only the first PEM block, i.e. the server's own (leaf)
# certificate; for a cert issued by an internal CA you normally want to trust
# the CA certificate (the last block in $p) rather than the leaf
openssl x509 -inform PEM -in "$p" -outform DER -out "$f"
#cat $f;exit;
# https://github.com/laravel/homestead/pull/773
# https://stackoverflow.com/questions/45263265/use-ssl-on-laravel-homestead
# https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/
echo "adding cert $f to trusted root certs"
# add-trusted-cert prints nothing on success, so test its exit status rather
# than whether it produced output
if sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "$f"; then
  echo "killing chrome to get the new certificate"
  #pkill -a -i "Google Chrome"
fi
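The script above trusts whatever `openssl x509` reads first, which is the server's leaf certificate, and always uses the System keychain with the trustRoot policy. The added example below (not part of the gist) splits the `s_client -showcerts` output into its individual certificates so the last one in the chain (the root or issuing CA for an internal PKI, the leaf itself for a self-signed host) can be trusted instead, picks trustRoot or trustAsRoot from the certificate's basic constraints, and lets the caller choose the System or login keychain. The `SAMPLE_S_CLIENT` text, the CA names in it and the placeholder bodies between the BEGIN/END markers are constructed for illustration and are not real certificates; the `login.keychain-db` path is assumed to be the user's login keychain on current macOS.

```shell
#!/bin/sh
# Added example, not the gist's own script. The PEM-splitting helpers are
# plain sed/awk and run anywhere; add_intranet_cert needs macOS and network.

# Constructed sample of what `openssl s_client -showcerts` prints on stdout:
# chatter lines around three PEM blocks (leaf, intermediate, root). The bodies
# are placeholders, not certificate data.
SAMPLE_S_CLIENT='CONNECTED(00000003)
---
Certificate chain
 0 s:CN = my.intra.net
   i:CN = Intranet Issuing CA
-----BEGIN CERTIFICATE-----
LEAF-PLACEHOLDER
-----END CERTIFICATE-----
 1 s:CN = Intranet Issuing CA
   i:CN = Intranet Root CA
-----BEGIN CERTIFICATE-----
INTERMEDIATE-PLACEHOLDER
-----END CERTIFICATE-----
 2 s:CN = Intranet Root CA
   i:CN = Intranet Root CA
-----BEGIN CERTIFICATE-----
ROOT-PLACEHOLDER
-----END CERTIFICATE-----
---
Server certificate
subject=CN = my.intra.net
---'

# Keep only the PEM blocks from stdin; everything else s_client prints is dropped.
pem_blocks() {
  sed -ne '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

# Number of certificates in the PEM stream on stdin.
pem_cert_count() {
  grep -c -- '-----BEGIN CERTIFICATE-----' || true
}

# Print the N-th certificate (1-based) from the PEM stream on stdin.
pem_nth_cert() {
  awk -v want="$1" '
    /-----BEGIN CERTIFICATE-----/ { n++ }
    n == want { print }
    /-----END CERTIFICATE-----/ && n == want { exit }
  '
}

# Print the last certificate in the stream: the root (or highest intermediate
# the server sent) for a CA-issued cert, the leaf itself for a self-signed host.
pem_last_cert() {
  chain=$(cat)
  last=$(printf '%s\n' "$chain" | pem_cert_count)
  printf '%s\n' "$chain" | pem_nth_cert "$last"
}

# trustRoot for a CA certificate (basicConstraints CA:TRUE), trustAsRoot for
# anything else, e.g. a self-signed leaf. Argument: path to a PEM file.
trust_policy_for() {
  if openssl x509 -noout -text -in "$1" 2>/dev/null | grep -q 'CA:TRUE'; then
    echo trustRoot
  else
    echo trustAsRoot
  fi
}

# Full procedure (macOS only, needs network; not exercised by the offline checks).
# $1 = domain, $2 = "system" (default, needs sudo) or "login" (user trust settings).
add_intranet_cert() {
  domain=$1
  target=${2:-system}
  stamp=$(date +%Y-%m-%d)
  pem="$HOME/$domain-$stamp.pem"
  cer="$HOME/$domain-$stamp.cer"

  # stderr is discarded so warnings cannot land between the BEGIN/END markers
  openssl s_client -showcerts -connect "$domain:443" -servername "$domain" </dev/null 2>/dev/null \
    | pem_blocks | pem_last_cert > "$pem"
  [ -s "$pem" ] || { echo "no certificate received from $domain" >&2; return 1; }

  openssl x509 -inform PEM -in "$pem" -outform DER -out "$cer"
  policy=$(trust_policy_for "$pem")

  if [ "$target" = login ]; then
    # no -d: user trust settings in the login keychain, no sudo required
    security add-trusted-cert -r "$policy" -k "$HOME/Library/Keychains/login.keychain-db" "$cer"
  else
    sudo security add-trusted-cert -d -r "$policy" -k /Library/Keychains/System.keychain "$cer"
  fi
  # confirm the keychain now evaluates the certificate as trusted
  security verify-cert -c "$cer"
}
```

Run `add_intranet_cert my.intra.net login` to trust the chain's last certificate for the current user only, or `add_intranet_cert my.intra.net` for the System keychain as in the gist. On a self-signed host the chain has a single block, so `pem_last_cert` returns the leaf and `trust_policy_for` selects trustAsRoot.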
@espoelstra

espoelstra commented Nov 21, 2018

You may also want to add a 2>/dev/null before the pipe so that any warnings don't taint the certificates if some error happened to print between the BEGIN and END lines.

This script is fantastic, though it would be cool if it supported specifying whether to add a certificate to the System or the login keychain. It also appears that there is trustRoot for CA certificates and trustAsRoot for non-CA certs, so handling that could be useful as well.
