Skip to main content

We get the following error when trying to add a trusted certificate to the keychain from terminal:  

SecCertificateAddToKeychain: Write permissions error

 

We’ve tried with sudo and with that we get the following error after being prompted by the OS for an admin user name and password:  

SecTrustSettingsSetTrustSettings: The authorization was denied.

 

Any insights into how we can add certificates to the keystore would be greatly appreciated.  Thank you!

 

 

@mlajoie try to use the JIT admin option, that should do the trick.

 

I believe apple has changes the necessary permissions to work on the local certificates and EPM can’t target that anymore.

this is a good idea.  unfortunately, JIT admin isn’t an option for us right now.  any other way other than that?

@mlajoie i don’t think so, unless you use jamf or another mdm solution to input this certificate directly instead of doing manually.

As stated on KB0022296

“The EPM-M product cannot intercept prompts for private keys related to System Certificates. Apple OS security does not provide a way for third-party products like EPM-M to interact with certain prompts from Keychain.

For certificate deployment, it's recommended to use an MDM such as Jamf or Intune.”

Thank you so much.

I have a theory that I’m building out. If successful, I’ll be asking to open source it from our legal department.

Reply


Badge Earners

  • BCSE: Identity Security Insights
    CDashhas earned the badge BCSE: Identity Security Insights
  • BCA: Password Safe
    Martin_Acostahas earned the badge BCA: Password Safe
  • BCA: Endpoint Privilege Management - Mac
    jchewhas earned the badge BCA: Endpoint Privilege Management - Mac
  • BCA: AD Bridge
    safaey.atefhas earned the badge BCA: AD Bridge
  • BCIE: Privileged Remote Access
    Enrique-Corehas earned the badge BCIE: Privileged Remote Access
Show all badges
Terms & ConditionsCookie settings