JSPM

add-trusted-cert

0.6.1
  • Downloads 29
  • License MIT

Add trusted certificates to the macOS keychain via an API

Package Exports

  • add-trusted-cert

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (add-trusted-cert) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

add-trusted-cert

An API for calling the security add-trusted-cert command in macOS to add certificates to the system keychain.

This is useful if you are generating a root CA / self-signed certificate and want to auto-register it into the keychain.

For more information, see man security and search for the add-trusted-cert command.

Install

npm i add-trusted-cert

Notes

  • Using this will prompt the user for sudo access for security to write to the keychain, followed by another confirmation to add the certificate to the trust store.
  • I have never gotten the policyConstraint flags to work with trustAsRoot for resultType
  • I cannot offer support for troubleshooting the security parameters; it's very much a black box in general

Usage

import { addTrustedCert, POLICY_CONSTRAINTS, RESULT_TYPES } from 'add-trusted-cert'

(async () => {
  // Add a root certificate / certificate authority
  // This will set the policy for the cert to 'Always Trust'
  // Be aware of the security implications of allowing the cert to be trusted for everything
  await addTrustedCert({
    addToAdminCertStore: true,
    resultType: RESULT_TYPES.TRUST_ROOT,
  }, 'root.crt')
})()

Debugging

To see the command line output that is generated, add:

DEBUG=add-trusted-cert <your node app start command>

API

addTrustedCert(options, certFile) ⇒ Promise.<string>

Add certificate (in DER or PEM format) from certFile to per-user or local Admin Trust Settings. When modifying per-user Trust Settings, user authentication is required via an authentication dialog. When modifying admin Trust Settings, the process must be running as root, or admin authentication is required.

Returns: Promise.<string> - Output of the security add-trusted-cert command

See: man security add-trusted-cert

Parameters (name, type, description):

  • options (object)
  • [options.addToAdminCertStore] (boolean): If true, adds the cert to the admin cert store
  • [options.resultType] (string)
  • [options.policyConstraint] (Array.<string> | string): Policy constraints
  • [options.appPath] (string): Application constraint
  • [options.policyString] (string): Policy-specific string
  • [options.allowedError] (Array.<(string|number)> | number | string)
  • [options.keyUsageCode] (number): Key usage. For more than one usage, add values together (except -1).
  • [options.keychain] (string): Keychain to which the cert is added. Default is '/Library/Keychains/System.keychain'.
  • [options.settingsFileIn] (string): Input trust settings file; default is user domain
  • [options.settingsFileOut] (string): Output trust settings file; default is user domain
  • certFile (string): Certificate file to add
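
The options above correspond to flags of security add-trusted-cert. As an added example (not this package's own code), the hypothetical buildSecurityArgs below builds the argument vector for that command, rejecting values that man security does not list and a certFile that would be parsed as a flag. Flag letters and value lists are taken from man security; repeating -p and -e for array values is an assumption.

```javascript
// Added example, not the add-trusted-cert package's own code.
// Flag letters and value lists follow `man security` on macOS.
const ALLOWED_RESULT_TYPES = ['trustRoot', 'trustAsRoot', 'deny', 'unspecified'];
const ALLOWED_POLICIES = ['ssl', 'smime', 'codeSign', 'IPSec', 'basic', 'swUpdate',
  'pkgSign', 'eap', 'macappstore', 'appleID', 'timestamping'];
const KEY_USAGE_MASK = 1 | 2 | 4 | 8 | 16 | 32; // all documented usage codes combined

// Hypothetical helper: turn an options object (same keys as the list above)
// into an argv array for `security`, validating each value first.
function buildSecurityArgs(options, certFile) {
  const o = options || {};
  const args = ['add-trusted-cert'];
  const str = (name, v) => {
    if (typeof v !== 'string' || v === '') throw new TypeError(name + ' must be a non-empty string');
    return v;
  };
  if (o.addToAdminCertStore) args.push('-d');
  if (o.resultType !== undefined) {
    if (!ALLOWED_RESULT_TYPES.includes(o.resultType)) throw new RangeError('unknown resultType');
    args.push('-r', o.resultType);
  }
  for (const p of [].concat(o.policyConstraint ?? [])) {
    if (!ALLOWED_POLICIES.includes(p)) throw new RangeError('unknown policy: ' + p);
    args.push('-p', p); // assumption: one -p per policy
  }
  if (o.appPath !== undefined) args.push('-a', str('appPath', o.appPath));
  if (o.policyString !== undefined) args.push('-s', str('policyString', o.policyString));
  for (const e of [].concat(o.allowedError ?? [])) args.push('-e', String(e));
  if (o.keyUsageCode !== undefined) {
    const u = o.keyUsageCode;
    // -1 means "any"; otherwise the code is a sum of 1, 2, 4, 8, 16, 32.
    if (!Number.isInteger(u) || (u !== -1 && (u < 1 || (u & ~KEY_USAGE_MASK) !== 0))) {
      throw new RangeError('invalid keyUsageCode');
    }
    args.push('-u', String(u));
  }
  if (o.keychain !== undefined) args.push('-k', str('keychain', o.keychain));
  if (o.settingsFileIn !== undefined) args.push('-i', str('settingsFileIn', o.settingsFileIn));
  if (o.settingsFileOut !== undefined) args.push('-o', str('settingsFileOut', o.settingsFileOut));
  // A certFile starting with '-' would be read by `security` as an option.
  if (str('certFile', certFile).startsWith('-')) {
    throw new RangeError('certFile must not start with "-"');
  }
  args.push(certFile);
  return args; // suitable for child_process.execFile('security', args): no shell involved
}
```

Comparing this array with the DEBUG=add-trusted-cert output is a quick way to audit how broadly a certificate is about to be trusted before the sudo prompt is accepted.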