security settings

   verify-cert [-c certFile] [-r rootCertFile] [-p policy] [-k keychain] [-n] [-L] [-l] [-e emailAddress]
   [-s sslHost] [-q]
          Verify one or more certificates.

          -c certFile     Certificate to verify, in DER or PEM format. Can be specified more than once; leaf
                          certificate has to be specified first.
          -r rootCertFile
                          Root certificate, in DER or PEM format. Can be specified more than once. If not
                          specified, the system anchor certificates are used. If one root certificate is
                          specified, and zero (non-root) certificates are specified, the root certificate is
                          verified against itself.
          -p policy       Specify verification policy (ssl, smime, codeSign, IPSec, iChat, basic, swUpdate,
                          pkgSign, pkinitClient, pkinitServer, eap). Default is basic.
          -k keychain     Keychain to search for intermediate certs. Can be specified multiple times.
                          Default is the current user’s keychain search list.
          -n              Avoid searching any keychains.
          -L              Use local certificates only. If an issuing CA certificate is missing, this option
                          will avoid accessing the network to fetch it.
          -l              Specifies that the leaf certificate is a CA cert. By default, a leaf certificate
                          with a Basic Constraints extension with the CA bit set fails verification.
          -e emailAddress
                          Specify email address for the smime policy.
          -s sslHost      Specify SSL host name for the ssl policy.
          -q              Quiet, no stdout or stderr.


security> verify-cert -c applestore0.cer -c applestore1.cer -p ssl -s

security> verify-cert -r serverbasic.crt
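
Added example (not part of the original page): a shell function that checks a server chain for a given host name against one pinned root, with keychain search and network fetching disabled so the result depends only on the files supplied. It assumes verify-cert exits non-zero when verification fails; the function name `verify_chain` and the `SECURITY_BIN` override are hypothetical.

```shell
#!/bin/sh
# Added example, not from the man page. Uses only the flags documented above.
# Assumption: verify-cert exits non-zero when verification fails (with -q the
# exit status is the only signal).
# SECURITY_BIN is a hypothetical override so a stub can stand in for the tool.

# usage: verify_chain <sslHost> <rootCertFile> <leafCert> [intermediateCert ...]
verify_chain() {
    [ "$#" -ge 3 ] || {
        echo "usage: verify_chain sslHost rootCertFile leafCert [intermediate ...]" >&2
        return 2
    }
    host=$1
    root=$2
    shift 2
    [ -r "$root" ] || { echo "cannot read root: $root" >&2; return 2; }

    # Rewrite the remaining arguments as "-c leaf -c intermediate ...",
    # keeping the order given: the leaf certificate has to come first.
    n=$#
    while [ "$n" -gt 0 ]; do
        f=$1
        shift
        [ -r "$f" ] || { echo "cannot read certificate: $f" >&2; return 2; }
        set -- "$@" -c "$f"
        n=$((n - 1))
    done

    # -r  trust only the supplied root instead of the system anchors
    # -n  do not search keychains for intermediates
    # -L  do not fetch a missing issuer over the network
    # -q  no output; the caller acts on the exit status
    "${SECURITY_BIN:-security}" verify-cert "$@" \
        -r "$root" -p ssl -s "$host" -n -L -q
}
```

Because `-n` and `-L` are set, every intermediate has to be passed explicitly after the leaf; a chain that verifies only with keychain or network help will fail here.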

“Even in the common affairs of life, in love, friendship, and marriage, how little security have we when we trust our happiness in the hands of others!” ~ William Hazlitt (On Living to One’s-Self)

Related macOS commands

security - Administer Keychains, keys, certificates and the Security framework.
codesign - Create and manipulate code signatures.

Copyright © 1999-2024
Some rights reserved