Question

Any way to search Inventory for specific certificates installed on machines?

  • July 30, 2012
  • 4 replies
  • 28 views


Hi All!

We are just in the process of upgrading our Casper to 8.6 from 8.1 - specifically for 10.8 support. To turn on the managed preferences portion of 10.7 / 10.8 support, we needed a valid certificate.

We have an AD environment, with '03 ISA servers for our CA, but I think we are wanting to go down the path of using the self signed certificate from the Apache / JSS server. We have a working package to install the root certificate into the system, and set trusted level.. but as an added precaution before we turn on certificate level auth, we would like to do a search of all the managed systems that have that certificate installed. We can see the installed certificates in the computer details --> Certificate, but there is no option for certificates when creating the advanced search criteria...

Any ideas? (Yes, I know we could look at the logs for when the certificate package was sent down, just thought that if the info is already available in the JSS, someone might be able to pull that data out.)

4 replies

  • Contributor
  • July 30, 2012

Did you install them as a package? You have package receipts that would tell you if and when it was installed and on who.

Create an Advanced Computer Search with the criteria of
"Packages Installed By Casper --> Has --> <package installed>"


  • New Contributor
  • April 4, 2014

This is the closest thread to what I'm currently looking for. I have an AD Certificate that was pushed out through a Configuration Profile, but half have succeeded and half have failed. Currently, the JSS cannot give me a detailed report on which machines are under which status (successful, failed, or pending), and at over 100 devices, I can't confirm which ones succeeded and which ones failed easily. Does anyone else know if there is a way to search for and identify machines that have a specific certificate?


  • Contributor
  • April 4, 2014

My scripting is pretty weak, but couldn't an extension attribute be set up to read the presence of the certificate and a smart group created from there? You can use the certtool command to display cert information if you know the infilename. Maybe that can get you started? Here is the man page for certtool: https://developer.apple.com/library/mac/Documentation/Darwin/Reference/ManPages/man1/certtool.1.html


  • Contributor
  • April 6, 2014

Yes, use the security framework to check for the existence of xyz cert in the system keychain (assuming you're looking for a cert in the system keychain and not the user keychain).
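
The extension attribute approach suggested in the last two replies, as an added example that is not code from any poster in this thread: it queries the System keychain with the macOS `security find-certificate` command and reports a value a smart group can match on. `CERT_NAME` and `EXPECTED_SHA1` are constructed placeholders, the function names are hypothetical, and the `SHA-1 hash:` line format printed by `-Z` is assumed.

```bash
#!/bin/bash
# Extension attribute sketch: is a specific certificate in the System keychain?
# CERT_NAME and EXPECTED_SHA1 are constructed placeholders; use your own values.
CERT_NAME="Example JSS Built-in CA"
EXPECTED_SHA1="0123456789ABCDEF0123456789ABCDEF01234567"
KEYCHAIN="/Library/Keychains/System.keychain"

# Normalise a fingerprint: drop spaces, colons and newlines, then upper-case it.
normalise_fp() {
    printf '%s' "$1" | tr -d ' :\n' | tr '[:lower:]' '[:upper:]'
}

# Reads `security find-certificate -a -Z` output on stdin (assumed to contain
# one "SHA-1 hash: <hex>" line per certificate) and prints a status string.
# Comparing fingerprints keeps a different certificate that merely shares the
# common name from being reported as the expected one.
cert_status() {
    want=$(normalise_fp "$1")
    found_any=0
    while IFS= read -r line; do
        case "$line" in
            "SHA-1 hash:"*)
                found_any=1
                got=$(normalise_fp "${line#SHA-1 hash:}")
                if [ "$got" = "$want" ]; then
                    echo "Installed"
                    return 0
                fi
                ;;
        esac
    done
    if [ "$found_any" -eq 1 ]; then
        echo "Name match, wrong fingerprint"
    else
        echo "Missing"
    fi
}

if command -v security >/dev/null 2>&1; then
    status=$(security find-certificate -a -c "$CERT_NAME" -Z "$KEYCHAIN" 2>/dev/null \
        | cert_status "$EXPECTED_SHA1")
else
    status="security tool not available"
fi
# The JSS reads the extension attribute value from between the result tags.
echo "<result>$status</result>"
```

A smart group with the criterion "extension attribute is not Installed" then lists the machines that still need the certificate before certificate-based authentication is switched on.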