I'm on macOS 10.15.6. My application is 100% Swift right now, but I'm comfortable enough with Objective-C if that is needed.
When I visit a page using a self-signed certificate in Safari, I get the expected "This Connection Is Not Private" message. If I hit Show Details > visit this website > Visit Website, the certificate is added to my Keychain. It has a little blue circle with a white + in it. When I double-click the certificate, it gives me the details. One of them, just under the expiration date at the top, is:
I'm making a tool which talks to an API over HTTPS. Some of the servers running this API use the same certificate for a web UI to manage the application. When I visit the page in Safari and trust the certificate there, my application trusts it with no further fuss. I would like the same behavior in the other direction. If a user happens to connect to the server with my application first, I would like to add the certificate to the Keychain in such a way that Safari would also be able to use it for the same server.
When I visit a page using a self-signed certificate in Safari, I get the expected "This Connection Is Not Private" message. If I hit Show Details > visit this website > Visit Website, the certificate is added to my Keychain. It has a little blue circle with a white + in it. When I double-click the certificate, it gives me the details. One of them, just under the expiration date at the top, is:
Is there a public API to add certificates like this with my own software? Or to add this property to an existing certificate?This certificate is marked as trusted for "<IP address>"
I'm making a tool which talks to an API over HTTPS. Some of the servers running this API use the same certificate for a web UI to manage the application. When I visit the page in Safari and trust the certificate there, my application trusts it with no further fuss. I would like the same behavior in the other direction. If a user happens to connect to the server with my application first, I would like to add the certificate to the Keychain in such a way that Safari would also be able to use it for the same server.