Package Exports
- add-trusted-cert
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (add-trusted-cert) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
add-trusted-cert
An API for calling the security add-trusted-cert
command in macOS to add certificates to the system keychain.
This is useful if you are generating a root CA / self-signed certificate and want to auto-register it into the keychain.
For more information, see man security
and search for the add-trusted-cert
command.
Install
npm i add-trusted-cert
Notes
- Using this will prompt the user for sudo access for
security
to write to the keychain, followed by another confirmation to add the certificate to the trust store. - I have never gotten the
policyConstraint
flags to work withtrustAsRoot
forresultType
- I cannot offer support for troubleshooting the
security
parameters, it's very much a black box in general
Usage
import { addTrustedCert, POLICY_CONSTRAINTS, RESULT_TYPES } from 'add-trusted-cert'
(async () => {
// Add a root certificate / certificate authority
// This will set the policy for the cert to 'Always Trust'
// Be aware of the security implications of allowing the cert to be trusted for everything
await addTrustedCert({
addToAdminCertStore: true,
resultType: RESULT_TYPES.TRUST_ROOT,
}, 'root.crt')
})()
Debugging
To see the command line output that is generated, add:
DEBUG=add-trusted-cert <your node app start command>
API
addTrustedCert(options, certFile) ⇒ Promise.<string>
Add certificate (in DER or PEM format) from certFile to per-user or local Admin Trust Settings. When modifying per-user Trust Settings, user authentication is required via an authentication dialog. When modifying admin Trust Settings, the process must be running as root, or admin authentication is required.
Returns: Promise.<string>
- Output of the security add-trusted-cert
command
See: man security add-trusted-cert
Param | Type | Description |
---|---|---|
options | object |
|
[options.addToAdminCertStore] | boolean |
If true, adds the cert to the admin cert store |
[options.resultType] | string |
|
[options.policyConstraint] | Array.<string> | string |
Policy constraints |
[options.appPath] | string |
Application constraint |
[options.policyString] | string |
Policy-specific string |
[options.allowedError] | Array.<(string|number)> | number | string |
|
[options.keyUsageCode] | number |
Key usage. For more than one usage, add values together (except -1). |
[options.keychain] | string |
Keychain to which the cert is added. Default is '/Library/Keychains/System.keychain'. |
[options.settingsFileIn] | string |
Input trust settings file; default is user domain |
[options.settingsFileOut] | string |
Output trust settings file; default is user domain |
certFile | string |
Certificate file to add |