~/add_cert.sh my.intra.net
You will be asked for your password to add this to the keychain.
- downloads pem file
- adds to trusted root certificates
```zsh
#!/bin/zsh
#
if [ -z "$1" ]; then
  echo "provide a domain as an argument"
  exit 1
fi
d=$(date +%Y-%m-%d)
p="$HOME/$1$d.pem"
f="$HOME/$1$d.cer"
touch "$f"
touch "$p"
# path added -- brew openssl....
# echo 'export PATH="/usr/local/opt/openssl@1.1/bin:$PATH"' >> ~/.zshrc
# get pem file (with -showcerts it holds every certificate the server sent)
openssl s_client -showcerts -connect "$1:443" -servername "$1" </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "$p"
# convert PEM to DER; openssl x509 reads only the first certificate in the file
# https://stackoverflow.com/questions/13732826/convert-pem-to-crt-and-key
openssl x509 -inform PEM -in "$p" -outform DER -out "$f"
#cat $f;exit;
# https://github.com/laravel/homestead/pull/773
# https://stackoverflow.com/questions/45263265/use-ssl-on-laravel-homestead
# https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/
echo "adding cert $f to trusted root certs"
# run the branch only if security exits successfully
if sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "$f"
then
  echo "killing chrome to get the new certificate"
  #pkill -a -i "Google Chrome"
fi
```
You may also want to add a `2>/dev/null` before the pipe so that any warnings don't taint the certificates if some error happened to print between the `BEGIN` and `END` lines.

This script is fantastic, though it would be cool if it supported specifying whether to add a certificate to the System or the `login` keychain. It also appears that there is `trustRoot` for CA certificates and `trustAsRoot` for non-CA certs, so handling that could be useful as well.
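
One way to handle the two requests in the comment above (System or login keychain, and `trustRoot` versus `trustAsRoot`), as an added example that is not part of the gist or its comments. The function names are hypothetical, and the login keychain path assumes a macOS release that stores it as `login.keychain-db`; the fingerprint is printed so it can be compared out of band before the certificate is trusted.

```shell
# Added example, not part of the gist. Function names are hypothetical.

# Print the keychain file for a scope name; fail on anything else.
keychain_path() {
  case "$1" in
    system) echo "/Library/Keychains/System.keychain" ;;
    login)  echo "$HOME/Library/Keychains/login.keychain-db" ;;  # assumed path
    *)      return 1 ;;
  esac
}

# Given the output of `openssl x509 -noout -text`, print the resultType:
# trustRoot when Basic Constraints says CA:TRUE, trustAsRoot otherwise.
trust_setting() {
  case "$1" in
    *CA:TRUE*) echo trustRoot ;;
    *)         echo trustAsRoot ;;
  esac
}

# add_cert_scoped <pem-file> [system|login]   (macOS only: calls `security`)
add_cert_scoped() {
  local pem="$1" scope="${2:-login}" kc text result
  kc=$(keychain_path "$scope") || { echo "scope must be system or login" >&2; return 1; }
  # Refuse to continue if the file does not parse as a certificate.
  text=$(openssl x509 -in "$pem" -noout -text 2>/dev/null) || text=""
  [ -n "$text" ] || { echo "no parsable certificate in $pem" >&2; return 1; }
  result=$(trust_setting "$text")
  # Show what is about to be trusted so it can be compared out of band.
  openssl x509 -in "$pem" -noout -subject -fingerprint -sha256
  echo "adding to $kc with -r $result"
  if [ "$scope" = system ]; then
    # -d writes to the admin trust store, so it needs sudo
    sudo security add-trusted-cert -d -r "$result" -k "$kc" "$pem"
  else
    # without -d the setting goes to the current user's trust store
    security add-trusted-cert -r "$result" -k "$kc" "$pem"
  fi
}
```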