diff --git a/Changelog.md b/Changelog.md
index e089bb0b..4b13ff22 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -6,6 +6,8 @@ Changelog [format](http://keepachangelog.com/en/1.0.0/)
 ### Changed
 * GODT-409 Set flags have to replace all flags.
+* GODT-531 Better way to add trusted certificate in macOS.
+
 ## [v1.3.x] Emma (beta 2020-07-XXX)
diff --git a/Makefile b/Makefile
index d1e33df1..77adc51d 100644
--- a/Makefile
+++ b/Makefile
@@ -55,7 +55,6 @@ ${DEPLOY_DIR}/linux: ${EXE_TARGET}
 ${DEPLOY_DIR}/darwin: ${EXE_TARGET}
 	cp ./internal/frontend/share/icons/Bridge.icns ${DARWINAPP_CONTENTS}/Resources/
-	cp -r "utils/addcert.scpt" ${DARWINAPP_CONTENTS}/Resources/
 	cp LICENSE ${DARWINAPP_CONTENTS}/Resources/
 	rm -rf "${DARWINAPP_CONTENTS}/Frameworks/QtWebEngine.framework"
 	rm -rf "${DARWINAPP_CONTENTS}/Frameworks/QtWebView.framework"
diff --git a/pkg/config/tls.go b/pkg/config/tls.go
index 180b63e3..2bf5b023 100644
--- a/pkg/config/tls.go
+++ b/pkg/config/tls.go
@@ -29,7 +29,6 @@ import (
 	"net"
 	"os"
 	"os/exec"
-	"path/filepath"
 	"runtime"
 	"time"
 )
@@ -71,14 +70,16 @@ func GetTLSConfig(cfg tlsConfiger) (tlsConfig *tls.Config, err error) {
 	}
 	if runtime.GOOS == "darwin" {
-		// If this fails, log the error but continue to load.
-		if binaryPath, err := os.Executable(); err == nil {
-			macOSPath := filepath.Dir(binaryPath)
-			contentsPath := filepath.Dir(macOSPath)
-			resourcesPath := filepath.Join(contentsPath, "Resources", "addcert.scpt")
-			if err := exec.Command("/usr/bin/osascript", resourcesPath).Run(); err != nil { // nolint[gosec]
-				log.WithError(err).Error("Failed to add cert to system keychain")
 			}
+		if err := exec.Command( // nolint[gosec]
+			"execute-with-privileges",
+			"/usr/bin/security",
+			"add-trusted-cert",
+			"-r", "trustRoot",
+			"-p", "ssl",
+			"-k", "/Library/Keychains/System.keychain",
+			certPath,
+		).Run(); err != nil {
+			log.WithError(err).Error("Failed to add cert to system keychain")
 		}
 	}
 }
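Review bot: The new `exec.Command("execute-with-privileges", ...)` in the GetTLSConfig hunk passes a bare command name, so Go resolves it through the process PATH (exec.LookPath) before a command that then runs with elevated rights is executed; the code it replaces invoked `/usr/bin/osascript` by absolute path, and the new call should likewise pin the helper to an absolute path or to one derived from os.Executable() (which this hunk stops using) so that resolution cannot depend on the caller's environment. The removed comment `// If this fails, log the error but continue to load.` documented that the `err` declared in the `if` deliberately shadows the named result and that a keychain failure is non-fatal; it should be kept above the new `if`. GetTLSConfig begins before this hunk, and where certPath is assigned is not visible here.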
diff --git a/utils/addcert.scpt b/utils/addcert.scpt
deleted file mode 100644
index dae42690..00000000
Binary files a/utils/addcert.scpt and /dev/null differ