
We get the following error when trying to add a trusted certificate to the keychain from terminal:

SecCertificateAddToKeychain: Write permissions error

We’ve tried with sudo and with that we get the following error after being prompted by the OS for an admin user name and password:

SecTrustSettingsSetTrustSettings: The authorization was denied.

Any insights into how we can add certificates to the keystore would be greatly appreciated. Thank you!

@mlajoie try to use the JIT admin option, that should do the trick.

I believe Apple has changed the necessary permissions to work on the local certificates and EPM can’t target that anymore.


This is a good idea. Unfortunately, JIT admin isn’t an option for us right now. Any other way other than that?


@mlajoie I don’t think so, unless you use Jamf or another MDM solution to input this certificate directly instead of doing it manually.

As stated on KB0022296

“The EPM-M product cannot intercept prompts for private keys related to System Certificates. Apple OS security does not provide a way for third-party products like EPM-M to interact with certain prompts from Keychain.

For certificate deployment, it's recommended to use an MDM such as Jamf or Intune.”


Thank you so much.


I have a theory that I’m building out. If successful, I’ll be asking to open source it from our legal department.

