Where are certificate trust settings stored?

When I tell Keychain Access to always trust a self-signed certificate for SSL, where is that setting stored?


I'm trying to automate network tests that involve connecting to a server with such a certificate. I have tried putting the certificate in a special keychain file that is added to the keychain search list before the test is run, but the fact that the certificate should be trusted for SSL does not appear to be stored in the keychain file: changing the setting does not change the modification date of the file, and copying the keychain file to a different machine does not copy its trusted status.


10.11 and 10.12.


Thanks!

Up vote post of JimMatthews Down vote post of JimMatthews
580 views
Posted by
JimMatthews
Reply
Add a Comment

Replies

Tried <user>/Library/Keychains ...?

Posted by
KMT
Up vote reply of KMT Down vote reply of KMT
Add a Comment

They’re actually stored in a trust store that’s separate from the keychain. I can’t remember the exact location but it doesn’t really matter in this case; you can use the 

add-trusted-cert
subcommand of 
security
to do this job.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment