Added trusted certificate without prompting the user

Hi, I need to import a trusted certificate to the system keychain without prompting the user. I’m importing the certificate with this command line: sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" <certificate> which is run from the post-install script of my PKG. I'm running the PKG from my daemon service. The certificate is imported to the keychain but it's not trusted. This is the error that I'm getting: sectrustsettingssettrustsettings: the authorization was denied since no user interaction was possible. What is the right way to do it? Thanks

Answered by DTS Engineer in 805950022
I need to import a trusted certificate to the system keychain without prompting the user.

To what end?

If you’re doing this in software that you deploy to a managed environment, the best path forward is to use MDM to install the trusted root. OTOH, if you’re deploying this to normal users, you shouldn’t be installing trusted roots without their approval.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
