0.6.1 • Published 5 years ago

add-trusted-cert v0.6.1

License: MIT

An API for calling the security add-trusted-cert command in macOS to add certificates to the system keychain.

This is useful if you are generating a root CA / self-signed certificate and want to auto-register it into the keychain.

For more information, see man security and search for the add-trusted-cert command.

Install

npm i add-trusted-cert

Notes

  • Using this will prompt the user for sudo access for security to write to the keychain, followed by another confirmation to add the certificate to the trust store.
  • I have never gotten the policyConstraint flags to work with trustAsRoot for resultType.
  • I cannot offer support for troubleshooting the security parameters; it's very much a black box in general.

Usage

import { addTrustedCert, POLICY_CONSTRAINTS, RESULT_TYPES } from 'add-trusted-cert'

(async () => {
  // Add a root certificate / certificate authority
  // This will set the policy for the cert to 'Always Trust'
  // Be aware of the security implications of allowing the cert to be trusted for everything
  await addTrustedCert({
    addToAdminCertStore: true,
    resultType: RESULT_TYPES.TRUST_ROOT,
  }, 'root.crt')
})()

Debugging

To see the command line output that is generated, add:

DEBUG=add-trusted-cert <your node app start command>

API

addTrustedCert(options, certFile) ⇒ Promise.<string>

Add certificate (in DER or PEM format) from certFile to per-user or local Admin Trust Settings. When modifying per-user Trust Settings, user authentication is required via an authentication dialog. When modifying admin Trust Settings, the process must be running as root, or admin authentication is required.

Returns: Promise.<string> - Output of the security add-trusted-cert command

See: man security add-trusted-cert

Param                        Type                                       Description
options                      object
options.addToAdminCertStore  boolean                                    If true, adds the cert to the admin cert store
options.resultType           string
options.policyConstraint     Array.<string> | string                    Policy constraints
options.appPath              string                                     Application constraint
options.policyString         string                                     Policy-specific string
options.allowedError         Array.<(string|number)> | number | string
options.keyUsageCode         number                                     Key usage. For more than one usage, add values together (except -1).
options.keychain             string                                     Keychain to which the cert is added. Default is '/Library/Keychains/System.keychain'.
options.settingsFileIn       string                                     Input trust settings file; default is user domain
options.settingsFileOut      string                                     Output trust settings file; default is user domain
certFile                     string                                     Certificate file to add
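
Added example, not code from the add-trusted-cert package: one way the documented options can be mapped onto the flags listed in man security, checked against the values that man page names, and returned as an argv array for child_process.execFile so that no shell parses them. buildAddTrustedCertArgs, requireString and asArray are hypothetical names; allowedError and keyUsageCode are left out, and the constructed sample call scopes trust to the ssl policy instead of trusting the certificate for everything.

```javascript
// Added example: not the add-trusted-cert package's source code.
// Allowed values as listed in `man security` for add-trusted-cert.
const RESULT_TYPES = ['trustRoot', 'trustAsRoot', 'deny', 'unspecified'];
const POLICIES = ['ssl', 'smime', 'codeSign', 'IPSec', 'basic', 'swUpdate',
  'pkgSign', 'eap', 'macappstore', 'appleID', 'timestamping'];

const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

function requireString(name, value) {
  if (typeof value !== 'string' || value === '') {
    throw new TypeError(`${name} must be a non-empty string`);
  }
  return value;
}

// Hypothetical helper: maps the documented options to an argv array for
// child_process.execFile('security', argv), so values never pass through a shell.
function buildAddTrustedCertArgs(options, certFile) {
  const argv = ['add-trusted-cert'];
  if (options.addToAdminCertStore) argv.push('-d');
  if (options.resultType !== undefined) {
    if (!RESULT_TYPES.includes(options.resultType)) {
      throw new RangeError(`unknown resultType: ${options.resultType}`);
    }
    argv.push('-r', options.resultType);
  }
  for (const policy of asArray(options.policyConstraint)) {
    if (!POLICIES.includes(policy)) throw new RangeError(`unknown policy: ${policy}`);
    argv.push('-p', policy); // -p may be given more than once
  }
  const stringFlags = [['-a', 'appPath'], ['-s', 'policyString'], ['-k', 'keychain'],
    ['-i', 'settingsFileIn'], ['-o', 'settingsFileOut']];
  for (const [flag, key] of stringFlags) {
    if (options[key] !== undefined) argv.push(flag, requireString(key, options[key]));
  }
  // certFile is positional: a leading '-' could be read as another flag.
  if (requireString('certFile', certFile).startsWith('-')) {
    throw new TypeError("certFile must not start with '-'; prefix it with ./");
  }
  argv.push(certFile);
  return argv;
}

// Constructed sample: trust a local CA for TLS only, in the admin cert store.
const sampleArgs = buildAddTrustedCertArgs(
  { addToAdminCertStore: true, resultType: 'trustRoot', policyConstraint: 'ssl' },
  'root.crt');
console.log(sampleArgs.join(' '));
```
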