How to set 'Always Trust' for imported .pfx certificate in Keychain via CLI?

Hi, I am building a script that will automatically set up wifi certificates in the user's login.keychain.

I need this functionality:

1) Import wifi-ca.crt to login.keychain with EAP as Always trust.

2) Import encrypted .pfx to login.keychain.

3) Change Trust settings for the pfx imported in the previous step.

My script looks like this rn:

# CA Import
info "Importing CA…"
security add-trusted-cert -d -p eap -k ~/Library/Keychains/login.keychain-db "$CA_FILE" || fail "Import CA selhal."

# PFX Import
info "Importuji osobní certifikát (.pfx)…"
security import "$PFX_FILE" -k ~/Library/Keychains/login.keychain-db -P "$KEY_PASS" -A || fail "Import osobního certifikátu selhal."

# Trust Settings for PFX
info "Nastavuji Always Trust pro osobní certifikát…"
security add-trusted-cert -d -r trustRoot -k ~/Library/Keychains/login.keychain-db "$CERT_FILE" || fail "Nastavení trustu pro osobní certifikát selhalo."


The first 2 steps work just fine, but I have no idea what I am doing wrong in the third one. Or is there a different way to achieve this? add-trusted-cert does not work for .pfx.



[Re-Titled by Moderator]

Original Title: Keychain Settings Via CLI

Posted on Sep 14, 2025 08:15 AM
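
An added example, not part of the original post and not Apple's code: one approach to step 3 is to extract the certificate from the .pfx as PEM and set trust on that file, since add-trusted-cert takes a certificate rather than a PKCS#12 bundle. It assumes the client certificate is not self-signed (hence trustAsRoot instead of trustRoot); the function names are hypothetical, and PFX_FILE and KEY_PASS are the variables from the script above.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

KEYCHAIN="$HOME/Library/Keychains/login.keychain-db"

# Write only the client certificate from a .pfx to a PEM file (no private key).
# The password is handed over in the environment, not on the command line.
extract_leaf_cert() {
    pfx=$1 out=$2
    PFX_PASS=$3 openssl pkcs12 -in "$pfx" -clcerts -nokeys \
        -passin env:PFX_PASS 2>/dev/null |
        openssl x509 -out "$out" 2>/dev/null   # drops the "Bag Attributes" text
}

# Mark the extracted certificate as trusted in the user's trust settings.
# Assumption: the certificate is not self-signed, so trustAsRoot (the result
# type Security.framework defines for non-root certificates) is used.
trust_leaf_cert() {
    security add-trusted-cert -r trustAsRoot -k "$2" "$1"
}

# Extract, trust, and always remove the temporary PEM file.
set_pfx_trust() {
    tmp=$(mktemp "${TMPDIR:-/tmp}/leaf.XXXXXX") || return 1
    if extract_leaf_cert "$1" "$tmp" "$2"; then
        trust_leaf_cert "$tmp" "$KEYCHAIN"; rc=$?
    else
        rc=1   # wrong password or no certificate in the bundle
    fi
    rm -f "$tmp"
    return "$rc"
}

# Runs only when the variables from the script above are set.
if [ -n "${PFX_FILE:-}" ]; then
    set_pfx_trust "$PFX_FILE" "${KEY_PASS:-}" || echo "trust step failed" >&2
fi
```

The temporary file holds only the public certificate; the private key stays in the keychain where the import step put it.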


There are no replies.
