Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Weird "security" bahavior with SSL certificates
Operating Systems OS X (Apple) Weird "security" bahavior with SSL certificates Post 302386430 by prafulnama on Tuesday 12th of January 2010 12:30:43 PM
Old 01-12-2010
Question Weird "security" bahavior with SSL certificates
Hello,

I have been attempting to automate the addition of SSL certificates to keychains on a MAC using the "security" command. I've noticed two things, 1 of which I don't understand.

1. If I use something like
Code:
"security add-trusted-cert -d -k /System/Library/Keychains/SystemRootCertificates trustRoot "$CERTPATH"

, I get a dialog box to enter the password. Is there anyway I can add the certificate to a keychain (Doesn't matter which as long as it works with Safari) without the password prompt?

2. The strange part - In the above command, if I change the
Code:
/System/Library/Keychains/SystemRootCertificates to $USER/Library/Keychains/login.keychain

, I get the same prompt but even if I do not enter my password and exit from the dialog, the certificate gets added to the keychain (I checked from the GUI). Any idea what is happening?

I would appreciate any help with the above.

Thanks!
-p
Last edited by vbe; 07-14-2010 at 06:47 AM.. Reason: code tags
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Weird problem with output from "date '+3600*%H+60*%M+%S' "

Hi, I came across a script a few months ago that allowed you to use the following script to include the current time into your prompt (useful from auditting purposes): # Set Prompt typeset -RZ2 _x1 _x2 _x3 let SECONDS=$(date '+3600*%H+60*%M+%S')... (5 Replies)
Discussion started by: m223464
5 Replies

2. UNIX for Dummies Questions & Answers

Explain the line "mn_code=`env|grep "..mn"|awk -F"=" '{print $2}'`"

Hi Friends, Can any of you explain me about the below line of code? mn_code=`env|grep "..mn"|awk -F"=" '{print $2}'` Im not able to understand, what exactly it is doing :confused: Any help would be useful for me. Lokesha (4 Replies)
Discussion started by: Lokesha
4 Replies

3. Shell Programming and Scripting

Shell Script to provide "answers" to SSL Cert Request

Hello, I need assistance with creating a shell script to generate SSL Certificate Requests on remote hosts. Below is my stab at this, but I cannot figure out how to pass the requested arguments into the openssl command correctly. I have a major problem with redirecting the "answers" into the... (2 Replies)
Discussion started by: azvelocat
2 Replies

4. UNIX for Dummies Questions & Answers

weird password popup on "admin" mentions

I had a site that sold stock photography and some guys I know set up a shopping cart and gallery system for it. One thing they did was give me an admin page (mysite.net/admin) where I could upload new images and change prices and all that. For that admin page they set a password popup prompt. I... (4 Replies)
Discussion started by: lex0062
4 Replies

5. Shell Programming and Scripting

find: "weird" regex behaviour

I have these two files in current dir: oos.txt oos_(copy).txt I execute this find command:find . -regex './oos*.txt'And this outputs only the first file (oos.txt)! :confused: Only if I add another asterisk to the find find . -regex './oos*.*txt' do I also get the second file... (7 Replies)
Discussion started by: courteous
7 Replies

6. Shell Programming and Scripting

awk command to replace ";" with "|" and ""|" at diferent places in line of file

Hi, I have line in input file as below: 3G_CENTRAL;INDONESIA_(M)_TELKOMSEL;SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL My expected output for line in the file must be : "1-Radon1-cMOC_deg"|"LDIndex"|"3G_CENTRAL|INDONESIA_(M)_TELKOMSEL"|LAST|"SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL" Can someone... (7 Replies)
Discussion started by: shis100
7 Replies

7. Shell Programming and Scripting

Commenting out "expr" creates weird behavior

This really puzzles me. The following code gives me the error 'expr: syntax error' when I try to do multi-line comment using here document <<EOF echo "Sum is: `expr $1 + $2`" EOF Even if I explicitly comment out the line containing the expr using "#", the error message would still exist... (3 Replies)
Discussion started by: royalibrahim
3 Replies

8. UNIX for Dummies Questions & Answers

Using "mailx" command to read "to" and "cc" email addreses from input file

How to use "mailx" command to do e-mail reading the input file containing email address, where column 1 has name and column 2 containing “To” e-mail address and column 3 contains “cc” e-mail address to include with same email. Sample input file, email.txt Below is an sample code where... (2 Replies)
Discussion started by: asjaiswal
2 Replies

9. Shell Programming and Scripting

Weird behavior of command "local"

Hi there, I'm running into a very weird situation. Let's forget about the purpose of my initial script please. I noticed the bug whatever I'm trying to do. I'm on an old server running bash 3.1.17. Say we have the following script : foo:~# cat /tmp/test #!/bin/bash f1() { local... (9 Replies)
Discussion started by: chebarbudo
9 Replies

10. Shell Programming and Scripting

Bash script - Print an ascii file using specific font "Latin Modern Mono 12" "regular" "9"

Hello. System : opensuse leap 42.3 I have a bash script that build a text file. I would like the last command doing : print_cmd -o page-left=43 -o page-right=22 -o page-top=28 -o page-bottom=43 -o font=LatinModernMono12:regular:9 some_file.txt where : print_cmd ::= some printing... (1 Reply)
Discussion started by: jcdole
1 Replies

LEARN ABOUT OSX

productsign

productsign(1)						    BSD General Commands Manual 					    productsign(1)

NAME

     productsign -- Sign an OS X Installer product archive

SYNOPSIS

     productsign [options] --sign identity input-product-path output-product-path

DESCRIPTION

     productsign adds a digital signature to a product archive previously created with productbuild(1).  Although you can add a digital signature
     at the time you run productbuild(1), you may wish to add a signature later, once the product archive has been tested and is ready to deploy.
     If you run productsign on a product archive that was previously signed, the existing signature will be replaced.

     To sign a product archive, you will need to have a certificate and corresponding private key -- together called an ``identity'' -- in one of
     your accessible keychains. To add a signature, specify the name of the identity using the --sign option. The identity's name is the same as
     the ``Common Name'' of the certificate.

     If you want to search for the identity in a specific keychain, specify the path to the keychain file using the --keychain option. Otherwise,
     the default keychain search path is used.

     productsign will embed the signing certificate in the product archive, as well as any intermediate certificates that are found in the key-
     chain. If you need to embed additional certificates to form a chain of trust between the signing certificate and a trusted root certificate
     on the system, use the --cert option to give the Common Name of the intermediate certificate. Multiple --cert options may be used to embed
     multiple intermediate certificates.

     The signature can optionally include a trusted timestamp. This is enabled by default when signing with a Developer ID identity, but it can be
     enabled explicitly using the --timestamp option. A timestamp server must be contacted to embed a trusted timestamp. If you aren't connected
     to the Internet, you can use --timestamp=none to disable timestamps, even for a Developer ID identity.

ARGUMENTS AND OPTIONS

     --sign identity-name
		 The name of the identity to use for signing the product archive.

     --keychain keychain-path
		 Specify a specific keychain to search for the signing identity.

     --cert certificate-name
		 Specify an intermediate certificate to be embedded in the product archive.

     --timestamp
		 Include a trusted timestamp with the signature.

     --timestamp=none
		 Disable trusted timestamp, regardless of identity.

     input-product-path
		   The product archive to be signed.

     output-product-path
		   The path to which the signed product archive will be written. Must not be the same as input-product-path.

SEE ALSO

     productbuild(1)

Mac OS								September 15, 2010							    Mac OS
All times are GMT -4. The time now is 04:23 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy