From 68eb627d628a2c98f11962e1b35407b00001fd6c Mon Sep 17 00:00:00 2001
From: hiska <hiska@hiska.net>
Date: Mon, 6 Mar 2017 11:09:12 +0900
Subject: [PATCH 1/2] deploy for OSX Keychain

---
 deploy/keychain.sh | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 deploy/keychain.sh

diff --git a/deploy/keychain.sh b/deploy/keychain.sh
new file mode 100644
index 00000000..a99ed465
--- /dev/null
+++ b/deploy/keychain.sh
@@ -0,0 +1,31 @@
+#!/usr/bin/env sh
+
+#Here is a sample custom api script.
+#This file name is "myapi.sh"
+#So, here must be a method   myapi_deploy()
+#Which will be called by acme.sh to deploy the cert
+#returns 0 means success, otherwise error.
+
+########  Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+keychain_deploy() {
+  _cdomain="$1"
+  _ckey="$2"
+  _ccert="$3"
+  _cca="$4"
+  _cfullchain="$5"
+
+  _debug _cdomain "$_cdomain"
+  _debug _ckey "$_ckey"
+  _debug _ccert "$_ccert"
+  _debug _cca "$_cca"
+  _debug _cfullchain "$_cfullchain"
+
+  /usr/bin/security import "$_ckey" -k "/Library/Keychains/System.keychain"
+  /usr/bin/security import "$_ccert" -k "/Library/Keychains/System.keychain"
+  /usr/bin/security import "$_cca" -k "/Library/Keychains/System.keychain"
+  /usr/bin/security import "$_cfullchain" -k "/Library/Keychains/System.keychain"
+
+  return 0
+}

From bce11af09ae31284afc0d07e6205113f5390b207 Mon Sep 17 00:00:00 2001
From: hiska <hiska@hiska.net>
Date: Wed, 8 Mar 2017 08:00:17 +0900
Subject: [PATCH 2/2] Update README.md for OSX Keychain

---
 deploy/README.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/deploy/README.md b/deploy/README.md
index 4a13e096..d8c2f57c 100644
--- a/deploy/README.md
+++ b/deploy/README.md
@@ -72,3 +72,8 @@ export DEPLOY_EXIM4_RELOAD="/etc/init.d/exim4 restart"
 acme.sh --deploy -d ftp.example.com --deploy-hook exim4
 ```
 
+## 6. Deploy the cert to OSX Keychain
+
+```sh
+acme.sh --deploy -d ftp.example.com --deploy-hook keychain
+```