Passing Curiosity: Posts tagged curl https://passingcuriosity.com/tags/curl/curl.xml Thomas Sutton me@thomas-sutton.id.au 2024-01-20T00:00:00Z Extract a CA certificate bundle from macOS Keychain https://passingcuriosity.com/2024/export-keychain-certificates-to-pem/ 2024-01-20T00:00:00Z 2024-01-20T00:00:00Z How to generate a PEM file containing the trusted CA certificates in your macOS Keychain. As described in this answer on Stack Exchange you can use the security tool added in Mac OS X 10.3:

security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain > cacerts.pem

security find-certificate -a -p /Library/Keychains/System.keychain >> cacerts.pem

If there are missing CA certificates you need to trust, just append them to the end of the file:

cat MyTlsStrippingCorporateProxyCA.pem >> cacerts.pem

You can store the cacerts.pem file somewhere convenient – maybe somewhere under ~/Library/ would be sensible on macOS – and then export the many and varied environment variables that will configure various tools to use the file:

export AWS_CA_BUNDLE="$HOME/Library/cacerts.pem"
export CURL_CA_BUNDLE="$HOME/Library/cacerts.pem"
export HTTPLIB2_CA_CERTS="$HOME/Library/cacerts.pem"
export REQUESTS_CA_BUNDLE="$HOME/Library/cacerts.pem"
export SSL_CERT_FILE="$HOME/Library/cacerts.pem"
export NODE_EXTRA_CA_CERTS="$HOME/Library/cacerts.pem"
]]>