provide latest OS root certificates via port?

Al Varnell alvarnell at mac.com
Sat Oct 30 12:49:11 UTC 2021


I see that I already have the latest ISRG Root X1 certificate in the System Roots keychain, so not sure why I would need to add it to my System keychain.

And when I went to https://letsencrypt.org/certs/isrgrootx1.pem <https://letsencrypt.org/certs/isrgrootx1.pem> to download, it showed up as a .cer instead of a .pem.

-Al-

> On Oct 29, 2021, at 10:25 PM, Michael <keybounce at gmail.com <mailto:keybounce at gmail.com>> wrote:
> 
> So I found this advice online for updating certs without having to worry about trusting expired old certs.
> 
> 1. Visit https://letsencrypt.org/certs/isrgrootx1.pem <https://letsencrypt.org/certs/isrgrootx1.pem> to download the certificate, and save it in the Documents folder.
> 
> 2. Open Terminal, paste this command, and press enter:
> 
> sudo security -v add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" ~/Documents/isrgrootx1.pem
> 
> This eliminates the need for marking the expired DST root as special-case trusted.

         
Powered by Mailbutler <https://www.mailbutler.io/?utm_source=watermark&utm_medium=email&utm_campaign=watermark-variant-primary>, the email extension that does it all
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macports.org/pipermail/macports-users/attachments/20211030/f2a6852e/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4376 bytes
Desc: not available
URL: <http://lists.macports.org/pipermail/macports-users/attachments/20211030/f2a6852e/attachment.bin>


More information about the macports-users mailing list