I'm developing an app which with every restart generates new self-signed root certificate. Safari on my macOS always asks whether I want to proceed.
How can I make safari always trust any certificates from localhost?
3
-
Can your build process use a CA that you create to generate the daily TLS certificates? Then you only have to approve one parent certificate, no? developer.apple.com/documentation/network/…– bmike ♦Commented Aug 5 at 13:54
-
1Yes, that's a good idea, though I've managed to solve the initial problem with code, creating always the same certificate while developing locally.– boltCommented Aug 5 at 17:30
-
stackoverflow.com/q/64521474/6230282– DannyNiuCommented Aug 6 at 1:35
Add a comment
|
1 Answer
The certificate needs to be signed by a trusted root certificate; I suspect your application is not obtaining the certificate this way.
Assuming the application generates a self-signed root certificate, the new certificate needs to be marked as trusted in macOS's Keychain. This can be done using the security command line tool or through the Keychain Access application.
See Applescript or Automator service that automatically trusts certificates for a related question about automating the trusting of a root certificate.
For adding the certificate:
- Import certificates into the System Keychain via the command line
- Trusting Certificates in System Keychain without Prompting (pre-macOS 11, aka Big Sur)
For local development, consider using a local Certificate Authority (CA) such as mkcert.
-
So the idea is to run
securitycommand (automatically) after each run, and this command will add certificate to keychain?– boltCommented Aug 5 at 9:33 -
1Yes, I have added two links that cover importing certificates via the command line tool. Expect the user to always be prompted for their credentials. Commented Aug 5 at 9:41