I described a simple way to generate self-signed SSL certificate using command-line two weeks ago. So, today I will share very useful trick for MacOS users which is a shell script to import self-signed certificate to macOS system keychain using command-line.
Shell script.
#!/bin/sh
# MacOS system keychain - import website certificate
# temporary file to store certificate
certificate_file=$(mktemp)
# delete temporary file on exit
trap "unlink $certificate_file" EXIT
# domain address (eg. example.org)
certificate_domain=$1
# execute only if domain is provided
if [ ! -z "$certificate_domain" ]; then
echo "domain address: $certificate_domain"
# download remote certificate
echo -n | openssl s_client -connect ${certificate_domain}:443 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > $certificate_file
# get certificate size and status
certificate_size=$(stat -f "%z" $certificate_file)
certificate_status=$(openssl x509 -in $certificate_file -noout 2>/dev/null; echo $?)
if [ "$certificate_size" -gt "0" ] && [ "$certificate_status" -eq "0" ]; then
echo "certificate details: "
openssl x509 -in $certificate_file -noout -text | awk "/X509v3 Subject Alternative Name/{getline;print}; /Subject:/ {print}" | tr -s "^ "
# import certificate to system keychain
sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" $certificate_file
if [ "$?" -eq "0" ]; then
echo "certificate imported"
else
echo "certificate not imported"
exit 2
fi
else
echo "certificate not downloaded or bogus"
exit 1
fi
fi
Sample usage.
$ bash import_certificate.sh sleeplessbeastie.eu
