Automatically trust updated domain certificates on MacOS

Eric Kawaler
Eric Kawaler used Ask the Experts™
I work for a large company and our security certificates update regularly. Sometimes we get prompted to accept the new ones, but not always. For example; our rootca was updated a few months ago and when the old one expired users could not use Outlook of Skype for Business. Even if they got the new cert it would be marked as untrusted.  What we are trying to figure out is if there is a way to force MacOS to recognize when there is a new certificate available or if there is a way to use scripting to automatically trust new certificate for our domain.  We do not have any infrastructure to deploy configuration profiles and there is no foreseeable intentions to implement anything. What are our options?
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Infrastructure Services
Since your cert is not trusted, I would assume you are using a self sign cert.  And because there is no plan to deploy or implement anything, the best option I can think of is to purchase a certificate which is signed by a trusted Certificate Authority(CA).  Something like VeriSign or GlobalSign, etc.  Most reputable CA would have their root cert already installed on the MacOS.
We are using GlobalSign for the company. It performs CA upgrade every time. Perhaps, you need to check the list of available certificates on and MacOS study questions reviews.
What have you been using so far?

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial