Install and trust DoD CA certificates on Mac OS X. Tested on Catalina and Mojave. *NOTE*: This should also enable CAC if you didn't override the system drivers.

import_dod_certs_mac.sh

#!/bin/bash 

set -eu -o pipefail

export CERT_URL='https://dl.dod.cyber.mil/wp-content/uploads/pki-pke/zip/unclass-certificates_pkcs7_DoD.zip'

# Download & Extract DoD root certificates
cd ~/Downloads/ || exit 1
/usr/bin/curl -LOJ "${CERT_URL}"

/usr/bin/unzip -o "$(basename "${CERT_URL}")"

cd "$(/usr/bin/zipinfo -1 "$(basename "${CERT_URL}")" | /usr/bin/awk -F/ '{ print $1 }' | head -1)" || exit 1

# Convert .p7b certs to straight pem and import
for item in *.p7b; do
  TOPDIR=$(pwd)
  TMPDIR=$(mktemp -d "/tmp/$(basename "${item}" .p7b).XXXXXX") || exit 1
  PEMNAME=$(basename "${item}" .p7b)
  openssl pkcs7 -print_certs -in "${item}" -inform der -out "${TMPDIR}/${PEMNAME}"
  cd "${TMPDIR}"
  /usr/bin/split -p '^$' "${PEMNAME}"
  rm "$(find . -name "x*" | sort | tail -1)"
  for cert in x??; do
    sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "${cert}"
  done
  
  cd "${TOPDIR}"
  rm -rf "${TMPDIR}"
done

Thanks @Crimsonize and @dcode, it worked great.

anyone tried this on Tahoe? not working for me

What issues are you experiencing? There is a known issue that requires you to continue to use TouchID/re-enter password for each cert. Are you able to execute the script?

…

On Fri, May 8, 2026 at 10:40 PM Jack ***@***.***> wrote: @getcake commented on this gist. ________________________________ anyone tried this on Tahoe? not working for me — Reply to this email directly, view it on GitHub or unsubscribe. You are receiving this email because you commented on the thread. Triage notifications on the go with GitHub Mobile for iOS or Android.

@k10urzd lmao yeah that was my issue srry, all good now. i just ended up forcing my little brother tap my yubikey until it finished