Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Add "Always Trust" Certificates to macOS System Keychain to avoid end-user misconfiguring certificate trust settings when prompted by macOS.


Warning
titlemacOS Big Sur Unsupported

The "/usr/bin/security" tool used in this script now requires a user's password to be entered via a GUI prompt on macOS Big Sur, eliminating the possibility of unattended remote deployment of an "Always Trust" certificate. Please deploy any future certificates using the "Certificates" payload via MDM.

More info here: https://developer.apple.com/documentation/macos-release-notes/macos-big-sur-11_0_1-release-notes#Security


Typical Deployment:

  1. Download macOS - Add -Always Trust- Certificates to System Keychain.fileset.zip
  2. Unzip and import downloaded Fileset into FileWave Admin.
  3. Add all desired certificates (DER and PEM formats only) to the "/usr/local/etc/certs/" directory within Fileset Contents.

...