Mac Certificates Query
Mac Certificates Query
- Subject: Mac Certificates Query
- From: Rakesh Singhal <email@hidden>
- Date: Tue, 29 Apr 2014 12:19:45 +0530
How can we programatically bundle all VALID certificates from all keychains(login.keychain, SystemRootCertificates, SystemCACertificates and System.keychain) in one file, like we have /etc/ssl/certs/ca-certificates.crt in Linux? Our application is not going to ship its own ca-certificates.crt and instead is required to build one from the keychains.
I have written a program which gets all the certificates from the above keychains in one file using, for example, "security export -k /System/Library/Keychains/SystemRootCertificates.keychain -t certs -p -o allCertificates.crt". Then I iterate over this file to get one certificate(certificate.crt) at a time and subject it to "security verify-cert -c certificate.crt". If certificate.crt turns out to be valid, I append it to ca-certificates.crt.
This way I am able to find out all valid certificates in all above keychains except SystemRootCertificates. In this keychain I get 'Cert Verify Result: CSSMERR_TP_CERT_EXPIRED' as output of "security verify-cert -c" command. I have also tried -r switch in this command, but no success.
Can anybody tell me why this can be happening and remedy to it. Or any suggestion for a different/simple/better way to build ca-certificates.crt is also appreciated.
Note: my application is in Python.
Thanks in advance.
Regards,
Rakesh
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden