add-trusted-cert
v0.6.1
Published
Add trusted certificates to the macOS keychain via an API
Downloads
31
Maintainers
Readme
add-trusted-cert
An API for calling the security add-trusted-cert
command in macOS to add certificates to the system keychain.
This is useful if you are generating a root CA / self-signed certificate and want to auto-register it into the keychain.
For more information, see man security
and search for the add-trusted-cert
command.
Install
npm i add-trusted-cert
Notes
- Using this will prompt the user for sudo access for
security
to write to the keychain, followed by another confirmation to add the certificate to the trust store. - I have never gotten the
policyConstraint
flags to work withtrustAsRoot
forresultType
- I cannot offer support for troubleshooting the
security
parameters, it's very much a black box in general
Usage
import { addTrustedCert, POLICY_CONSTRAINTS, RESULT_TYPES } from 'add-trusted-cert'
(async () => {
// Add a root certificate / certificate authority
// This will set the policy for the cert to 'Always Trust'
// Be aware of the security implications of allowing the cert to be trusted for everything
await addTrustedCert({
addToAdminCertStore: true,
resultType: RESULT_TYPES.TRUST_ROOT,
}, 'root.crt')
})()
Debugging
To see the command line output that is generated, add:
DEBUG=add-trusted-cert <your node app start command>
API
addTrustedCert(options, certFile) ⇒ Promise.<string>
Add certificate (in DER or PEM format) from certFile to per-user or local Admin Trust Settings. When modifying per-user Trust Settings, user authentication is required via an authentication dialog. When modifying admin Trust Settings, the process must be running as root, or admin authentication is required.
Returns: Promise.<string> - Output of the security add-trusted-cert
command
See: man security add-trusted-cert
| Param | Type | Description | | --- | --- | --- | | options | object | | | [options.addToAdminCertStore] | boolean | If true, adds the cert to the admin cert store | | [options.resultType] | string | | | [options.policyConstraint] | Array.<string> | string | Policy constraints | | [options.appPath] | string | Application constraint | | [options.policyString] | string | Policy-specific string | | [options.allowedError] | Array.<(string|number)> | number | string | | | [options.keyUsageCode] | number | Key usage. For more than one usage, add values together (except -1). | | [options.keychain] | string | Keychain to which the cert is added. Default is '/Library/Keychains/System.keychain'. | | [options.settingsFileIn] | string | Input trust settings file; default is user domain | | [options.settingsFileOut] | string | Output trust settings file; default is user domain | | certFile | string | Certificate file to add |