I'm a Windows engineer, setting up a Active Directory PKI, but know very little about Macs. I'm aware of how to install root certificates into the system keychain using:
sudo security add-trusted-cert -d -r trustRoot -k \Library\Keychains\System.keychain rootca.crt
However, I'm not too clear on how to install a subordinate CA's certificate (that was issued by the root CA).
Do I simply use the exact same command, or would i use add-certificates
instead?
What is the difference between the resultypes: trustRoot
, trustAsRoot
, unspecified
?
Best Answer
Since the subordinate CA's certificate is already "trusted" due to the root CA's cert being in the System Roots, you just need to use the add-certificates command, specifying the System keychain.