Add "Always Trust" certificates to the macOS System Keychain so that end users cannot misconfigure certificate trust settings when prompted by macOS.

macOS Big Sur Unsupported

The "/usr/bin/security" tool used in this script now requires a user's password to be entered via a GUI prompt on macOS Big Sur, eliminating the possibility of unattended remote deployment of an "Always Trust" certificate. Please deploy any future certificates using the "Certificates" payload via MDM.

More info here: https://developer.apple.com/documentation/macos-release-notes/macos-big-sur-11_0_1-release-notes#Security


Typical Deployment:

  1. Download macOS - Add -Always Trust- Certificates to System Keychain.fileset.zip
  2. Unzip and import downloaded Fileset into FileWave Admin.
  3. Add all desired certificates (DER and PEM formats only) to the "/usr/local/etc/certs/" directory within Fileset Contents.

Customized Deployment:

  1. Download macOS - Add -Always Trust- Certificates to System Keychain.fileset.zip
  2. Unzip and import downloaded Fileset into FileWave Admin.
  3. Add all desired certificates (DER and PEM formats only) to any desired directory within Fileset Contents.
  4. Update the "/usr/local/etc/scripts/add_trusted_cert.sh" Launch Arguments to include the full path to the desired directory.
    1. "/usr/local/etc/scripts/add_trusted_cert.sh" > Get Info > Executable > Launch Arguments
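
A pre-flight check for step 3, as an added example that is not part of the FileWave Fileset or its add_trusted_cert.sh script: since every file in the certificate directory becomes an "Always Trust" certificate, it confirms that each file parses as a PEM or DER X.509 certificate, has not expired, and prints its SHA-256 fingerprint for comparison against a value obtained from the issuing CA. It assumes the openssl CLI is available on the admin workstation; the function names cert_format and check_cert_dir are hypothetical.

```shell
#!/bin/sh
# Pre-flight check for a certificate directory before it is added to the Fileset.
# Assumption: the openssl CLI is installed; function names are hypothetical.

# cert_format FILE: print "PEM" or "DER"; return 1 if FILE is not a certificate.
cert_format() {
    # PEM is recognised by its armor line; anything else is tried as DER.
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        kind=PEM
    else
        kind=DER
    fi
    openssl x509 -inform "$kind" -in "$1" -noout 2>/dev/null || return 1
    echo "$kind"
}

# check_cert_dir DIR: print one report line per file; return 1 if any file
# is not a parseable PEM/DER certificate or has already expired.
check_cert_dir() {
    dir=$1
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if ! fmt=$(cert_format "$f"); then
            echo "REJECT  $f: not a PEM or DER X.509 certificate"
            rc=1
            continue
        fi
        # -checkend 0 exits non-zero when notAfter is already in the past.
        if ! openssl x509 -inform "$fmt" -in "$f" -noout -checkend 0 >/dev/null 2>&1; then
            echo "REJECT  $f: certificate has expired"
            rc=1
            continue
        fi
        fp=$(openssl x509 -inform "$fmt" -in "$f" -noout -fingerprint -sha256)
        subj=$(openssl x509 -inform "$fmt" -in "$f" -noout -subject)
        # ${fp#*=} strips the "sha256 Fingerprint=" label, leaving the digest.
        echo "OK      $f [$fmt] $subj ${fp#*=}"
    done
    return $rc
}

# Check the directory given as the first argument, if one was supplied.
[ "$#" -eq 0 ] || check_cert_dir "$1"
```

Run it against the local folder that holds the certificates before importing them into the Fileset; a non-zero exit status means at least one file should not be deployed.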

End Result: