We get the following error when trying to add a trusted certificate to the keychain from terminal:
SecCertificateAddToKeychain: Write permissions error
We’ve tried with sudo and with that we get the following error after being prompted by the OS for an admin user name and password:
SecTrustSettingsSetTrustSettings: The authorization was denied.
Any insights into how we can add certificates to the keystore would be greatly appreciated. Thank you!
Best answer by Paulo144
As stated on KB0022296
“The EPM-M product cannot intercept prompts for private keys related to System Certificates. Apple OS security does not provide a way for third-party products like EPM-M to interact with certain prompts from Keychain.
For certificate deployment, it's recommended to use an MDM such as Jamf or Intune.”
+5
I believe apple has changes the necessary permissions to work on the local certificates and EPM can’t target that anymore.
this is a good idea. unfortunately, JIT admin isn’t an option for us right now. any other way other than that?
+5
As stated on KB0022296
“The EPM-M product cannot intercept prompts for private keys related to System Certificates. Apple OS security does not provide a way for third-party products like EPM-M to interact with certain prompts from Keychain.
For certificate deployment, it's recommended to use an MDM such as Jamf or Intune.”
I have a theory that I’m building out. If successful, I’ll be asking to open source it from our legal department.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
