
Re: [Fed-Talk] Adding a trusted certificate?


  • Subject: Re: [Fed-Talk] Adding a trusted certificate?
  • From: Sean Baker <email@hidden>
  • Date: Fri, 15 Feb 2013 05:31:01 -0500

John,

How does:

sudo security add-trusted-cert -d -r trustAsRoot -k /Library/Keychains/System.keychain ~/AppleWWDRCA.cer

turn out for you? [changed trustRoot to trustAsRoot - you can't trustRoot a non-root cert in my limited experience]

Sean



On 2/14/13 4:57 PM, John Oliver wrote:
Long story short... I have a package that bombs out with an error about an untrusted cert. That package is signed by a third-party developer cert which is signed by "Apple Worldwide Developer Relations Certification Authority". However, that certificate is not included with the OS or the package, so I need to add it as a trusted certificate, and I need to do that from the command line.

My first question is, why is this certificate not included with the OS? It shows up in my login.keychain on another system, and I can download it from Apple's web site, but it seems like it should be included.

Next... since it is not included by default, and there may be a valid reason for that, what's the most appropriate keychain to add it to? It isn't a root certificate, so /S/L/K/SystemRootCertificates.keychain is out. I'd say /S/L/K/SystemCACertificates.keychain, but that keychain is not loaded by default, and seems to be mainly for DoD PKI. I could make an argument for /L/K/System.keychain. Or, not knowing, adding it to $USER's ~/L/K/login.keychain seems "safe".

OK! So, I tried:

imac:~ jnojr$ security add-trusted-cert -k ~/Library/Keychains/login.keychain ~/AppleWWDRCA.cer
SecTrustSettingsSetTrustSettings: One or more parameters passed to a function were not valid.

The man page suggests that should work, but doesn't give any more examples.

Googling turns up numerous results that suggest:

security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /path/to/exported/certfile

The '-d' adds a certificate to an admin store, instead of the user. So let's try that...

imac:~ jnojr$ sudo security add-trusted-cert -d -k /Library/Keychains/System.keychain ~/AppleWWDRCA.cer
Password:
SecTrustSettingsSetTrustSettings: One or more parameters passed to a function were not valid.

imac:~ jnojr$ sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/AppleWWDRCA.cer

Hey, that worked! Except... it didn't. The certificate was added to the keychain, but the installer still bombs, and 'security dump-trust-settings -d' tells me:

Cert 1: Apple Worldwide Developer Relations Certification Authority
Number of trust settings : 0

So... how do I get this cert to be trusted?


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

--
Ne Desit Virtus,

Sean R. Baker
1LT, MS
United States Army
Office #: (301) 319-0712
Email: email@hidden
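
The distinction raised in the reply above (trustRoot for a root certificate, trustAsRoot for a non-root one such as the WWDR intermediate) can be decided from the certificate itself before the keychain is touched. This is an added example, not part of the original thread: it assumes `openssl` is installed, uses "subject equals issuer" as the test for a root, uses hypothetical function names, and only prints the command for review.

```shell
#!/bin/sh
# Added example (not from the thread): choose the -r result type for
# `security add-trusted-cert` from the certificate itself.
# Assumption: subject == issuer is used as the "is this a root?" heuristic.

KEYCHAIN=/Library/Keychains/System.keychain   # admin keychain used in the thread

# cert_field FILE subject|issuer -> prints the distinguished name.
# Tries PEM first, then DER (.cer files are often DER-encoded).
cert_field() {
    out=$(openssl x509 -in "$1" -noout "-$2" 2>/dev/null) ||
    out=$(openssl x509 -inform DER -in "$1" -noout "-$2" 2>/dev/null) ||
    return 1
    printf '%s\n' "${out#*=}"      # drop the leading "subject=" / "issuer="
}

# result_type_for FILE -> trustRoot for a self-issued cert, trustAsRoot otherwise.
result_type_for() {
    subj=$(cert_field "$1" subject) || return 2
    iss=$(cert_field "$1" issuer) || return 2
    if [ "$subj" = "$iss" ]; then
        echo trustRoot
    else
        echo trustAsRoot
    fi
}

# trust_command_for FILE -> prints (does not run) the command to review.
trust_command_for() {
    rt=$(result_type_for "$1") || {
        echo "not a readable X.509 certificate: $1" >&2
        return 2
    }
    printf 'sudo security add-trusted-cert -d -r %s -k %s %s\n' \
        "$rt" "$KEYCHAIN" "$1"
}

# Usage: sh pick-trust.sh ~/AppleWWDRCA.cer
if [ "$#" -gt 0 ]; then
    trust_command_for "$1"
fi
```

After running the printed command, `security dump-trust-settings -d` (used in the quoted message) shows what was recorded for the certificate.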