opragel/add_certificate_to_keychain_and_trust.sh

## add_certificate_to_keychain_and_trust.sh
#!/bin/bash
KEYCHAIN_PATH="/Library/Keychains/System.keychain"
CERTIFICATE_CER_PATHS=( \
"/private/tmp/my-certificate-1.cer" \
"/private/tmp/my-certificate-2.cer" )

for certificateCerPath in "${CERTIFICATE_CER_PATHS[@]}"; do
  certificatePemPath="$certificateCerPath.pem"
  openssl x509 -inform der -in "$certificateCerPath" -out "$certificatePemPath"
  opensslVerifyResponse=$(openssl verify -CAfile "$certificatePemPath" "$certificatePemPath" | grep -o 'error.*at .*depth')
  if [ "$opensslVerifyResponse" ]; then
    security add-trusted-cert -d -r trustAsRoot -k "$KEYCHAIN_PATH" "$certificateCerPath"
  else
    security add-trusted-cert -d -r trustRoot -k "$KEYCHAIN_PATH" "$certificateCerPath"
  fi
  rm "$certificatePemPath"
done
	#!/bin/bash
	KEYCHAIN_PATH="/Library/Keychains/System.keychain"
	CERTIFICATE_CER_PATHS=( \
	"/private/tmp/my-certificate-1.cer" \
	"/private/tmp/my-certificate-2.cer" )

	for certificateCerPath in "${CERTIFICATE_CER_PATHS[@]}"; do
	certificatePemPath="$certificateCerPath.pem"
	openssl x509 -inform der -in "$certificateCerPath" -out "$certificatePemPath"
	opensslVerifyResponse=$(openssl verify -CAfile "$certificatePemPath" "$certificatePemPath" \| grep -o 'error.at .depth')
	if [ "$opensslVerifyResponse" ]; then
	security add-trusted-cert -d -r trustAsRoot -k "$KEYCHAIN_PATH" "$certificateCerPath"
	else
	security add-trusted-cert -d -r trustRoot -k "$KEYCHAIN_PATH" "$certificateCerPath"
	fi
	rm "$certificatePemPath"
	done