I added the cert of an inside the firewall server to my System keychain with a "always trust" setting (but changing it doesn't appear to affect anything).
This gives me a pass result:
nscurl --ats-diagnostics https://internal.domain.com
This gives me a fail result:
sudo nscurl --ats-diagnostics https://internal.domain.com
The process which needs to communicate with the server is a launchdaemon, so I need the sudo version to work.
Is there something I don't understand/am doing wrong, or is this as designed?
Thanks.