Command line interface to macOS keychains and Security framework.
# To list the available keychains:
security list-keychains
# To delete a specific keychain:
security delete-keychain <path>
# To create a keychain:
security create-keychain -p <password> <keychain.name>
# To set a certificate to use with a website or [s]ervice by its [c]ommon name (fails if several certificates with the same common name exist):
security set-identity-preference -s <URL|hostname|service> -c "<common_name>" <path/to/file.keychain>
# To add a certificate from file to a [k]eychain (if -k isn't specified, the default keychain is used):
security add-certificates -k <keychain.name> <path/to/file.pem>
# ---
# To dump the contents of the System Root Certificates Keychain:
sudo security dump-keychain /System/Library/Keychains/SystemRootCertificates.keychain
# To delete a System Root Certificate by its SHA-1 hash value:
sudo security delete-certificate -Z <sha1_value> /System/Library/Keychains/SystemRootCertificates.keychain
# To list all installed certificates for a given Keychain (or the System Keychain if run as root and no Keychain is specified):
security find-certificate -a | awk -F'"' '/labl/{print $4}'