Remove trusted certificate on Mac

bartizan · bartizan · commit 1ada2184de88 · 2025-06-06T14:30:12.000+03:00
diff --git a/dev-proxy/CommandHandlers/CertRemoveCommandHandler.cs b/dev-proxy/CommandHandlers/CertRemoveCommandHandler.cs
@@ -2,8 +2,11 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
+using DevProxy.Abstractions;
 using System.CommandLine;
 using System.CommandLine.Invocation;
+using System.Diagnostics;
+using Titanium.Web.Proxy.Helpers;
 
 namespace DevProxy.CommandHandlers;
 
@@ -30,6 +33,7 @@ public static void RemoveCert(ILogger logger, InvocationContext invocationContex
 
             logger.LogInformation("Uninstalling the root certificate...");
 
+            RemoveTrustedCertificateOnMac();
             ProxyEngine.ProxyServer.CertificateManager.RemoveTrustedRootCertificate(machineTrusted: false);
 
             logger.LogInformation("DONE");
@@ -65,4 +69,25 @@ private static bool PromptConfirmation(string message, bool defaultValue)
             }
         }
     }
+
+    private static void RemoveTrustedCertificateOnMac()
+    {
+        if (!RunTime.IsMac)
+        {
+            return;
+        }
+
+        var bashScriptPath = Path.Join(ProxyUtils.AppFolder, "remove-cert.sh");
+        ProcessStartInfo startInfo = new()
+        {
+            FileName = "/bin/bash",
+            Arguments = bashScriptPath,
+            UseShellExecute = false,
+            CreateNoWindow = true,
+        };
+
+        var process = new Process() { StartInfo = startInfo };
+        process.Start();
+        process.WaitForExit();
+    }
 }
diff --git a/dev-proxy/dev-proxy.csproj b/dev-proxy/dev-proxy.csproj
@@ -62,6 +62,9 @@
     <None Update="devproxy-errors.json">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>
+    <None Update="remove-cert.sh">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
     <None Update="toggle-proxy.sh">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
diff --git a/dev-proxy/remove-cert.sh b/dev-proxy/remove-cert.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+set -e
+
+if [ "$(uname -s)" != "Darwin" ]; then
+  echo "Error: this shell script should be run on macOS."
+  exit 1
+fi
+
+echo -e "\nRemove the self-signed certificate from your Keychain."
+
+cert_name="Dev Proxy CA"
+cert_filename="dev-proxy-ca.pem"
+
+# export cert from keychain to PEM
+echo "Exporting '$cert_name' certificate..."
+security find-certificate -c "$cert_name" -a -p > "$cert_filename"
+
+# add trusted cert to keychain
+echo "Removing Dev Proxy trust settings..."
+security remove-trusted-cert "$cert_filename"
+
+# remove exported cert
+echo "Cleaning up..."
+rm "$cert_filename"
+echo -e "\033[0;32mDONE\033[0m\n"
