I described a simple way to generate self-signed SSL certificate using command-line two weeks ago. So, today I will share very useful trick for MacOS users which is a shell script to import self-signed certificate to macOS system keychain using command-line.
Shell script.
#!/bin/sh # MacOS system keychain - import website certificate # temporary file to store certificate certificate_file=$(mktemp) # delete temporary file on exit trap "unlink $certificate_file" EXIT # domain address (eg. example.org) certificate_domain=$1 # execute only if domain is provided if [ ! -z "$certificate_domain" ]; then echo "domain address: $certificate_domain" # download remote certificate echo -n | openssl s_client -connect ${certificate_domain}:443 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > $certificate_file # get certificate size and status certificate_size=$(stat -f "%z" $certificate_file) certificate_status=$(openssl x509 -in $certificate_file -noout 2>/dev/null; echo $?) if [ "$certificate_size" -gt "0" ] && [ "$certificate_status" -eq "0" ]; then echo "certificate details: " openssl x509 -in $certificate_file -noout -text | awk "/X509v3 Subject Alternative Name/{getline;print}; /Subject:/ {print}" | tr -s "^ " # import certificate to system keychain sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" $certificate_file if [ "$?" -eq "0" ]; then echo "certificate imported" else echo "certificate not imported" exit 2 fi else echo "certificate not downloaded or bogus" exit 1 fi fi
Sample usage.
$ bash import_certificate.sh sleeplessbeastie.eu