macOS Big Sur broke a couple of my scripts. After some troubleshooting, here is what I have found so far.
Adding Certificates to a Keychain Using Keychain Access
Certificate trust changes now require administrator approval and password confirmation for non-admin trust domains. If you have scripts calling /usr/bin/security add-trusted-cert -d as root, or using the SecTrustSettingsSetTrustSettings API, you will need to account for these changes.
To add a certificate manually through Keychain Access:
- Open the Keychain Access app and select either the login or System keychain.
- Drag the certificate file onto the Keychain Access app.
- If prompted, enter the name and password of an administrator account on the computer.
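To find which existing scripts are affected by the trust change described above, the following is an added example, not code from the original post. The function names and the directory argument are assumptions; it lists every add-trusted-cert call that passes -d and every use of SecTrustSettingsSetTrustSettings under a directory, and fails when the host is Big Sur or later.

```shell
#!/bin/sh
# Added example (not from the original post): find scripts and sources that
# change certificate trust in the ways the post says Big Sur now gates.
# Usage: sh audit_trust.sh DIR [MACOS_VERSION]   (file name is hypothetical)

# is_big_sur_or_later VERSION: true for 11+ and for 10.16, the version
# Big Sur reports to software running in compatibility mode.
is_big_sur_or_later() {
    local major="${1%%.*}" minor="${1#*.}"
    minor="${minor%%.*}"
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    [ "$major" -ge 11 ] && return 0
    [ "$major" -eq 10 ] && [ "$minor" -ge 16 ] 2>/dev/null
}

# find_trust_calls DIR: print file:line:text for each add-trusted-cert call
# that passes -d as its own flag, and each SecTrustSettingsSetTrustSettings use.
find_trust_calls() {
    grep -rnE \
        -e 'security[[:space:]]+add-trusted-cert[[:space:]]([^|;&]*[[:space:]])?-d([[:space:]]|$)' \
        -e 'SecTrustSettingsSetTrustSettings' \
        -- "$1" 2>/dev/null
}

# audit DIR [VERSION]: print the affected calls; return 1 when there are any
# and VERSION (default: this host's sw_vers output) is Big Sur or later.
audit() {
    local dir="$1" version="${2:-$(sw_vers -productVersion 2>/dev/null)}" hits
    hits=$(find_trust_calls "$dir") || return 0   # grep found nothing
    printf '%s\n' "$hits"
    if is_big_sur_or_later "$version"; then
        echo "macOS $version: these calls now need administrator approval" >&2
        return 1
    fi
}

# Run the audit only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit "$@"
fi
```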
