We get the following error when trying to add a trusted certificate to the keychain from terminal:
SecCertificateAddToKeychain: Write permissions error
We’ve tried with sudo and with that we get the following error after being prompted by the OS for an admin user name and password:
SecTrustSettingsSetTrustSettings: The authorization was denied.
Any insights into how we can add certificates to the keystore would be greatly appreciated. Thank you!
I believe apple has changes the necessary permissions to work on the local certificates and EPM can’t target that anymore.
this is a good idea. unfortunately, JIT admin isn’t an option for us right now. any other way other than that?
As stated on KB0022296
“The EPM-M product cannot intercept prompts for private keys related to System Certificates. Apple OS security does not provide a way for third-party products like EPM-M to interact with certain prompts from Keychain.
For certificate deployment, it's recommended to use an MDM such as Jamf or Intune.”
Thank you so much.
I have a theory that I’m building out. If successful, I’ll be asking to open source it from our legal department.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
