Step 1.) security list-keychains
"/Users/username/Library/Keychains/login.keychain"
"/Library/Keychains/System.keychain"
Step 2.) Use the paths, combined into a space-delimited string in the same order, without the quotes
Step 3.) Add the System CA Keychain into the list at the desired location
Step 4.) Use the -s switch to set the keychain list [Be careful doing this; it can mess up keychains if you don't get it correct]
Example Command: security list-keychains -s /Users/username/Library/Keychains/login.keychain /System/Library/Keychains/SystemCACertificates.keychain /Library/Keychains/System.keychain
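
The four steps above as a script; this is an added example, not part of the original message. The function names, the DRY_RUN variable and the sample output are assumptions made for illustration. Each path is passed as its own argument rather than joined with spaces, so a keychain path containing a space is not split.

```shell
#!/bin/sh
# Added example (not from the thread). The path is the one in the thread's example command.
CA_KEYCHAIN="/System/Library/Keychains/SystemCACertificates.keychain"

# Constructed sample of `security list-keychains` output, in the format shown in Step 1.
SAMPLE_OUTPUT='    "/Users/user name/Library/Keychains/login.keychain"
    "/Library/Keychains/System.keychain"'

# stdin: `security list-keychains` output. stdout: new search list, one path per line.
# The CA keychain ($1) goes just before the System keychain, as in the thread's example;
# it is appended if System.keychain is absent and left alone if already listed.
build_keychain_list() {
    awk -v ca="$1" -v anchor="/Library/Keychains/System.keychain" '
        { sub(/^[ \t]*"/, ""); sub(/"[ \t]*$/, "") }   # strip indent and quotes
        $0 != "" { cur[++n] = $0; if ($0 == ca) present = 1 }
        END {
            for (i = 1; i <= n; i++) {
                if (!present && cur[i] == anchor) { print ca; present = 1 }
                print cur[i]
            }
            if (!present) print ca
        }'
}

# stdin: one path per line. Each path becomes its own argument.
# DRY_RUN=1 (the default) only prints the arguments that would be passed.
apply_keychain_list() {
    set --
    while IFS= read -r path; do set -- "$@" "$path"; done
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf 'arg: %s\n' "$@"
    else
        security list-keychains -s "$@"
    fi
}

# On a Mac this previews the change; rerun with DRY_RUN=0 to apply it.
# Elsewhere it runs on the constructed sample so the logic can still be inspected.
if command -v security >/dev/null 2>&1; then
    security list-keychains | build_keychain_list "$CA_KEYCHAIN" | apply_keychain_list
else
    printf '%s\n' "$SAMPLE_OUTPUT" | build_keychain_list "$CA_KEYCHAIN" | apply_keychain_list
fi
```

Comparing the dry-run output with the current `security list-keychains` output before applying shows whether any existing keychain would be dropped from the search list.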
From: Taylor Armstrong - NOAA Affiliate <email@hidden>
Date: Tuesday, August 25, 2015 at 1:50 PM
To: "Disiena, Ridley (MSFC-IS60)[EAST]" <email@hidden>
Cc: "Krage, Joshua (GSFC-7000)" <email@hidden>, Fed Talk <email@hidden>
Subject: Re: [Fed-Talk] Scriptable way to refresh intermediate CA's?
All,
Feeling particularly dumb, but admitting the issue is part of solving it, right? :)
Is there a command-line equivalent of the "Open" command that will NOT pop a file up in the GUI? I've been unable to successfully add the SystemCACertificate keychain via the "Security list-keychains" option so far, so just for kicks, ssh'd in from another system and just did "open /System/Library/Keychains/SystemCACertificate.keychain". Works exactly as expected... it imports the keychain, but it does it in the GUI on the remote system. Just wondering if there is a simple way to perform basically the same function via CLI but *without* any action being taken in the GUI on the other end?