-
-
Save ijy/9cb9201343ee129e0d5668a447cbaedc to your computer and use it in GitHub Desktop.
Ensures a certificate is in the macOS system keychain.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Usage | |
| # $ ./install-cert-macos.sh "/path/to/cert" | |
| CERT_PATH="$1" | |
| # First, grab the SHA-1 from the provided SSL cert. | |
| CERT_SHA1=$(openssl x509 -in "$CERT_PATH" -sha1 -noout -fingerprint | cut -d "=" -f2 | sed "s/://g") | |
| # Next, grab the SHA-1s of any standard.dev certs in the keychain. | |
| # Don't return an error code if nothing is found. | |
| EXISTING_CERT_SHAS=$(security find-certificate -a -c "standard.dev" -Z /Library/Keychains/System.keychain | grep "SHA-1") || true | |
| echo "$EXISTING_CERT_SHAS" | grep -q "$CERT_SHA1" || { | |
| sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "$CERT_PATH" | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment