Skip to main content

Hi all!

In our new environment that we are setting up with Jamf Connect we are unable to create MDM Capable Users. This takes the option away to deploy certificates, in this case a user certificate, in our Login Keychain.

The known workarounds for making users created with Jamf Connect MDM Capable Users are not something we can use in our environment. Because of this I was looking for different solutions and I found out that you are able to perform actions on the Keychain with AppleScript

Example:

tell application "Keychain Scripting" to tell keychain "login.keychain"



...

end tell

Now I'm wondering if it would be possible to move our User certificate from the System Keychain to the Login Keychain with AppleScript. Or maybe someone knows a different solution for getting our User certificate in the Login Keychain without user interaction?

 

Facing the same issue here, please log a feedback with Apple hopefully they will take notice if enough noise is made.

You could write something using the security binary (https://ss64.com/osx/security.html) to export and import certificates between keychains, however this comes with some serious limitation as the certificate would need to be marked as exportable and it would need to handle renewals.

Facing the same issue here, please log a feedback with Apple hopefully they will take notice if enough noise is made.

You could write something using the security binary (https://ss64.com/osx/security.html) to export and import certificates between keychains, however this comes with some serious limitation as the certificate would need to be marked as exportable and it would need to handle renewals.


Hey Keywan,

Thank you for your input. It would indeed be a big improvement. For now we have to deal with the workaround and let our users do the installation and used the pre-filled account information option to be able to create 1 MDM Capable User.

Reply


Terms & ConditionsCookie settings