I can use /usr/bin/security to install a root CA, and to delete it (based on the file)... but how do I check to see if it's installed already? Surely there is a way to do this, other than security find-certificate -a | fgrep my.ca.name? Ideally from the shell level, but if I have to write a program I can (in which case I believe it'd be a relatively easy, albeit annoying because I hate writing certificate code, task)...
Oooh, so using security dump-trust-settings -s -d shows our certificate... but doesn't provide any actual information about it. This is a bit better than using security find-certificate -a | fgrep, but... is there a better way still? Ideally I actually want to see if the new certificate matches what's installed, and if so then do nothing.
haha self-deprecation is not allowed here, I see! :)