How to make new certificate recognised?
Solution 1:
Copy the certificate to the client (in DER or PEM format), then run:
sudo security add-trusted-cert -d /path/to/certificate
At least, that works for SSL certificates; I haven't tried it for code signing. You might need to add -p codeSign
or something similar. Also, this sets a trust policy for the certificate, but doesn't actually add it to the system keychain. If you want it to appear there as well, you also need to run:
sudo security add-certificate -k /Library/Keychains/System.keychain /path/to/certificate