Re: [Fed-Talk] Adding a trusted certificate?


  • Subject: Re: [Fed-Talk] Adding a trusted certificate?
  • From: "Trouton, Rich R" <email@hidden>
  • Date: Thu, 14 Feb 2013 22:09:30 +0000
  • Thread-topic: [Fed-Talk] Adding a trusted certificate?

John,

Are you running Mac OS X 10.7.5 or 10.8.x? That certificate should already be in your System keychain, as it is added by the OS (in 10.7.5 for 10.7.x and it's been in 10.8.x from the get-go.)

Thanks,
Rich

On Feb 14, 2013, at 4:57 PM, John Oliver wrote:

Long story short... I have a package that bombs out with an error about an untrusted cert. That package is signed by a third-party developer cert which is signed by "Apple Worldwide Developer Relations Certification Authority". However, that certificate is not included with the OS or the package, so I need to add it as a trusted certificate, and I need to do that from the command line.

My first question is, why is this certificate not included with the OS? It shows up in my login.keychain on another system, and I can download it from Apple's web site, but it seems like it should be included.

Next... since it is not included by default, and there may be a valid reason for that, what's the most appropriate keychain to add it to? It isn't a root certificate, so /S/L/K/SystemRootCertificates.keychain is out. I'd say /S/L/K/SystemCACertificates.keychain, but that keychain is not loaded by default, and seems to be mainly for DoD PKI. I could make an argument for /L/K/System.keychain. Or, not knowing, adding it to $USER's ~/L/K/login.keychain seems "safe".

OK! So, I tried:

imac:~ jnojr$ security add-trusted-cert -k ~/Library/Keychains/login.keychain ~/AppleWWDRCA.cer
SecTrustSettingsSetTrustSettings: One or more parameters passed to a function were not valid.

The man page suggests that should work, but doesn't give any more examples.

Googling turns up numerous results that suggest:

security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /path/to/exported/certfile

The '-d' adds a certificate to an admin store, instead of the user. So let's try that...

imac:~ jnojr$ sudo security add-trusted-cert -d -k /Library/Keychains/System.keychain ~/AppleWWDRCA.cer
Password:
SecTrustSettingsSetTrustSettings: One or more parameters passed to a function were not valid.

imac:~ jnojr$ sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/AppleWWDRCA.cer

Hey, that worked! Except... it didn't. The certificate was added to the keychain, but the installer still bombs, and 'security dump-trust-settings -d' tells me:

Cert 1: Apple Worldwide Developer Relations Certification Authority
Number of trust settings : 0

So... how do I get this cert to be trusted?
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

---
Rich Trouton
email@hidden

JFRC Help Desk
phone: x4030
email: email@hidden

The best way to get in touch with me is through email.

