Long story short... I have a package that bombs out with an error about an untrusted cert. That package is signed by a third-party developer cert which is signed by "Apple Worldwide Developer Relations Certification Authority". However, that certificate is not included with the OS or the package, so I need to add it as a trusted certificate, and I need to do that from the command line.
My first question is, why is this certificate not included with the OS? It shows up in my login.keychain on another system, and I can download it from Apple's web site, but it seems like it should be included.
Next... since it is not included by default, and there may be a valid reason for that, what's the most appropriate keychain to add it to? It isn't a root certificate, so /S/L/K/SystemRootCertificates.keychain is out. I'd say /S/L/K/SystemCACertificates.keychain, but that keychain is not loaded by default, and seems to be mainly for DoD PKI. I could make an argument for /L/K/System.keychain. Or, not knowing, adding it to $USER's ~/L/K/login.keychain seems "safe".
OK! So, I tried:
imac:~ jnojr$ security add-trusted-cert -k ~/Library/Keychains/login.keychain ~/AppleWWDRCA.cer
SecTrustSettingsSetTrustSettings: One or more parameters passed to a function were not valid.
The man page suggests that should work, but doesn't give any more examples.
Googling turns up numerous results that suggest:
security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /path/to/exported/certfile
The '-d' adds a certificate to an admin store, instead of the user. So let's try that...
imac:~ jnojr$ sudo security add-trusted-cert -d -k /Library/Keychains/System.keychain ~/AppleWWDRCA.cer
Password:
SecTrustSettingsSetTrustSettings: One or more parameters passed to a function were not valid.
imac:~ jnojr$ sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/AppleWWDRCA.cer
Hey, that worked! Except... it didn't. The certificate was added to the keychain, but the installer still bombs, and 'security dump-trust-settings -d' tells me:
Cert 1: Apple Worldwide Developer Relations Certification Authority
   Number of trust settings : 0
So... how do I get this cert to be trusted?