[GH-ISSUE #322] failed to execute "security add-trusted-cert" #206

Closed
opened 2026-02-25 22:32:51 +03:00 by kerem · 7 comments

Originally created by @eni9889 on GitHub (Dec 23, 2020).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/322

I am running

```
mkcert -install
```

under Rosetta 2 on an M1 and am getting this output:

```
Sudo password:
ERROR: failed to execute "security add-trusted-cert": exit status 1

SecTrustSettingsSetTrustSettings: One or more parameters passed to a function were not valid.
```

@FiloSottile commented on GitHub (Jan 24, 2021):

I can't reproduce this. `mkcert -install` works for me under Rosetta 2 on an M1 in macOS 11.2.

Can you provide more details?


@rfay commented on GitHub (Jan 24, 2021):

@eni9889 some time has passed since your original post, and in the meantime M1 homebrew has started supporting most things, so I recommend getting rid of any homebrew you may have installed and then installing M1 homebrew (it goes in `/opt/homebrew`) and then installing the *Apple Silicon* mkcert with `brew install mkcert` and try that.

I have no trouble with any version of mkcert in M1, but this is the one to use right now.


@timsutton commented on GitHub (Jun 25, 2021):

Does this work in a fully-automated manner on the M1? One of the major security-related changes in Big Sur was to no longer allow fully-automated root certs trusting. In the [release notes](https://developer.apple.com/documentation/macos-release-notes/macos-big-sur-11_0_1-release-notes)

```
Security
New Features
macOS Big Sur 11 beta improves system security by requiring an administrator password when a certificate trust settings change is made in the admin trust domain. Running as the root user alone is no longer sufficient to modify certificate trust. User trust domain settings continue to require confirmation by entering the password for the user’s account. This change may affect you if one of the following is true:

You have written scripts which call /usr/bin/security add-trusted-cert -d ... as root.

Your process runs as root and calls the SecTrustSettingsSetTrustSettings function to trust a certificate.

Workflows that add trust settings in the admin trust domain, such as for an enterprise root certificate, may require modification if the user can’t authenticate as an administrator at the time settings are changed. (21855995)

Workaround: Use Apple Configurator 2 to create and install a configuration profile containing your root certificate.
```

@rfay commented on GitHub (Jun 25, 2021):

We use mkcert in ddev just fine on the mac M1, just like every other place. It's available via homebrew on the mac M1 as well.


@rfay commented on GitHub (Dec 23, 2021):

I was able to solve this on GitHub Actions CI using `sudo security authorizationdb write com.apple.trust-settings.admin allow`

Found this answer in https://github.com/actions/virtual-environments/issues/4519#issuecomment-970202641
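
Added example, not part of the thread or of mkcert: setting the right to `allow` removes the administrator-password requirement for admin-domain trust changes that the Big Sur release notes describe, so on a CI runner it is best scoped to the one command that needs it. The function below saves the current rule, relaxes it, runs the given command, and restores the rule even if the command fails; the function name `with_trust_right_allowed`, the ephemeral runner and passwordless `sudo` are assumptions.

```shell
# Added example (not from the thread). Assumes an ephemeral macOS CI runner
# with passwordless sudo. RIGHT is the right named in the comment above.
RIGHT="com.apple.trust-settings.admin"

# Run "$@" with the trust-settings right relaxed to `allow`, then put the
# original rule back, whether or not the command succeeded.
with_trust_right_allowed() {
    backup=$(mktemp) || return 1

    # Save the current rule definition (printed as a plist on stdout).
    if ! security authorizationdb read "$RIGHT" > "$backup" 2>/dev/null; then
        rm -f "$backup"
        echo "cannot read $RIGHT; leaving policy untouched" >&2
        return 1
    fi

    # Relax the right only after a backup exists.
    if ! sudo security authorizationdb write "$RIGHT" allow 2>/dev/null; then
        rm -f "$backup"
        return 1
    fi

    # Run the wrapped command and remember its exit status.
    status=0
    "$@" || status=$?

    # Restore the saved rule; `write` reads a rule definition from stdin.
    if ! sudo security authorizationdb write "$RIGHT" < "$backup" 2>/dev/null; then
        echo "WARNING: $RIGHT is still set to allow" >&2
        status=1
    fi
    rm -f "$backup"
    return "$status"
}

# Usage on the runner:
#   with_trust_right_allowed mkcert -install
```

On a developer workstation the password prompt is the intended control, so this wrapper is only meant for disposable build machines.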


@fouss commented on GitHub (Apr 8, 2022):

Same issue here, any update?


@FiloSottile commented on GitHub (Apr 28, 2022):

Duplicate of #415. Thank you for finding the release notes about it.
