Navigation Menu

Skip to content

Instantly share code, notes, and snippets.

@koop
Created November 28, 2017 20:27
Show Gist options
  • Star 55 You must be signed in to star a gist
  • Fork 8 You must be signed in to fork a gist
  • Save koop/84254d5214495e6fc49db3284c9b7772 to your computer and use it in GitHub Desktop.
Save koop/84254d5214495e6fc49db3284c9b7772 to your computer and use it in GitHub Desktop.
Ensures a certificate is in the macOS system keychain.
#!/bin/bash
# Usage
# $ ./install-cert-macos.sh "/path/to/cert"
CERT_PATH="$1"
# First, grab the SHA-1 from the provided SSL cert.
CERT_SHA1=$(openssl x509 -in "$CERT_PATH" -sha1 -noout -fingerprint | cut -d "=" -f2 | sed "s/://g")
# Next, grab the SHA-1s of any standard.dev certs in the keychain.
# Don't return an error code if nothing is found.
EXISTING_CERT_SHAS=$(security find-certificate -a -c "standard.dev" -Z /Library/Keychains/System.keychain | grep "SHA-1") || true
echo "$EXISTING_CERT_SHAS" | grep -q "$CERT_SHA1" || {
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "$CERT_PATH"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment