truststore icon indicating copy to clipboard operation
truststore copied to clipboard
verified publisher icon smallstep

CA not installed for Firefox on MacOS Big Sur

Open tnyeanderson opened this issue 3 years ago • 1 comments

Problem

Using command:

step certificate install --all $certpath

This works for the system trust store, but not for Firefox (or curl but I think that's a separate issue). There is no error message and exit code is 0.

When run with --firefox --no-system it still gives the Certificate xyz has been installed success message even though the cert is not actually added to the firefox trust store.

May try to dig into the code and investigate if I have time this week.

Versions

Smallstep CLI v0.22.0 (installed with brew install step)

Pretty fresh Big Sur 11.7.1 installation, already logged into Firefox before running the step command.

Firefox v106.0.5

tnyeanderson avatar Nov 06 '22 04:11 tnyeanderson

In case you want to investigate, we look for firefox profiles in:

https://github.com/smallstep/truststore/blob/68f087e31c8fd99939e64b896a47b657eae2c8ab/truststore_darwin.go#L19

And then by default we use certutil, it can be installed with (brew install nss), to install the cert in all profiles:

https://github.com/smallstep/truststore/blob/68f087e31c8fd99939e64b896a47b657eae2c8ab/truststore_nss.go#L83-L105

maraino avatar Nov 09 '22 02:11 maraino