security cert

Add certificate (in DER or PEM format) from certFile to per-user or local Admin Trust Settings.

Syntax
      add-trusted-cert [-d] [-r resultType] [-p policy] [-a appPath] [-s policyString]
         [-e allowedError] [-u keyUsage] [-k keychain] [-i settingsFileIn] [-o settingsFileOut] [-D] certFile

Options
   -d               Add to admin cert store; default is user.
   -r resultType    resultType = trustRoot|trustAsRoot|deny|unspecified; default is trustRoot.
   -p policy        Specify policy constraint (ssl, smime, codeSign, IPSec, iChat, basic, swUpdate,
                    pkgSign, pkinitClient, pkinitServer, eap).
   -a appPath       Specify application constraint.
   -s policyString  Specify policy-specific string.
   -e allowedError  Specify allowed error (an integer value, or one of: certExpired, hostnameMismatch).
   -u keyUsage      Specify key usage, an integer.
   -k keychain      Specify keychain to which cert is added.
   -i settingsFileIn   Input trust settings file; default is user domain.
   -o settingsFileOut  Output trust settings file; default is user domain.
   -D               Add default setting instead of per-cert setting.
                    No certFile is specified when using this option.

Examples
   security> add-trusted-cert /tmp/cert.der
   security> add-trusted-cert -d /tmp/cert.der
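
The following wrapper is an added example, not part of the original reference page: it checks the resultType and policy against the values listed under Options and requires an explicit -p, so a trust setting is scoped to one policy before `security add-trusted-cert` is called. The names `trust_cert`, `in_list` and `DRY_RUN` are hypothetical and exist only in this example.

```shell
#!/bin/sh
# Added example, not part of the original reference page.
# Allowed values are copied from the -r and -p option descriptions above.
RESULT_TYPES="trustRoot trustAsRoot deny unspecified"
POLICIES="ssl smime codeSign IPSec iChat basic swUpdate pkgSign pkinitClient pkinitServer eap"

# in_list WORD LIST: succeed if WORD is one of the space-separated items in LIST.
in_list() {
    for item in $2; do
        if [ "$item" = "$1" ]; then return 0; fi
    done
    return 1
}

# trust_cert DOMAIN RESULT POLICY CERTFILE   (hypothetical helper)
#   DOMAIN is "user" or "admin"; "admin" adds -d (admin cert store).
#   With DRY_RUN=1 the command line is printed instead of executed.
trust_cert() {
    domain=$1; result=$2; policy=$3; cert=$4
    if ! in_list "$result" "$RESULT_TYPES"; then
        echo "invalid resultType: $result" >&2; return 2
    fi
    # Design choice of this example: a policy constraint is always required.
    if ! in_list "$policy" "$POLICIES"; then
        echo "invalid policy: $policy" >&2; return 2
    fi
    if [ ! -r "$cert" ]; then
        echo "cannot read certificate file: $cert" >&2; return 3
    fi
    # Build the argument list as positional parameters so paths stay intact.
    set -- add-trusted-cert
    case $domain in
        admin) set -- "$@" -d ;;   # needs root or admin authentication
        user)  ;;                  # default store; prompts for user authentication
        *) echo "invalid domain: $domain" >&2; return 2 ;;
    esac
    set -- "$@" -r "$result" -p "$policy" "$cert"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "security $*"
    else
        security "$@"
    fi
}

# Usage: DRY_RUN=1 trust_cert admin trustRoot ssl /tmp/cert.der
```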

Remove certificate (in DER or PEM format) in certFile from per-user or local Admin Trust Settings.

Syntax
      remove-trusted-cert [-d] [-D] certFile

Options
   -d     Remove from admin cert store; default is user.

   -D     Remove Default Root Cert setting instead of an actual cert setting.
          No certFile is specified when using this option.

When modifying per-user Trust Settings, user authentication is required via an authentication dialog.
When modifying admin Trust Settings, the process must be running as root, or admin authentication is required.

“Security is mostly a superstition. It does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than outright exposure. Life is either a daring adventure, or nothing” ~ Helen Keller

Related macOS commands

Local man page: security - Command line help page on your local machine.
security - Administer Keychains, keys, certificates and the Security framework.
codesign - Create and manipulate code signatures.


 
Copyright © 1999-2025 windevcluster.com
Some rights reserved