RootCert EXTA?

Question

Hello JAMF members,

Trying to create a EXTA to tell me if our Macbooks have our RootCA cert or not.

I have managed to use the following Terminal command:

security find-cert -c ISD720CA

Which returns the following:

keychain: "/Users/clee/Library/Keychains/login.keychain"
class: 0x80001000 
attributes:
    "alis"<blob>="ISD720CA"
    "cenc"<uint32>=0x00000003 
    "ctyp"<uint32>=0x00000001 
    "hpky"<blob>=0x8C007403A13DB2618B964760D37694CB4175B796  "21400t03241=262a213226G`323v224313Au267226"
    "issu"<blob>=0x304031133011060A0992268993F22C6401191603434F4D31163014060A0992268993F22C64011916064953443732303111300F060355040313084953443732304341  "0@123021061211222&211223362,d01312603COM126024061211222&211223362,d01312606ISD7201210170603U04032310ISD720CA"
    "labl"<blob>="ISD720CA"
    "skid"<blob>=0x8C007403A13DB2618B964760D37694CB4175B796  "21400t03241=262a213226G`323v224313Au267226"
    "snbr"<blob>=0x3F830DCC8E55178F41951E7AA14C2ECD  "?20315314216U27217A22536z241L.315"
    "subj"<blob>=0x304031133011060A0992268993F22C6401191603434F4D31163014060A0992268993F22C64011916064953443732303111300F060355040313084953443732304341  "0@123021061211222&211223362,d01312603COM126024061211222&211223362,d01312606ISD7201210170603U04032310ISD720CA"

All I want the EXTA to say is if alis = "ISD720CA" then TRUE else FALSE

Any help is greatly appreciated.

Thanks

thoule · Answer

1) #!/bin/sh2) certExists=`security find-cert -c ISD720CA 2>/dev/null`3) if [ -z $certExists ]; then4) echo "No Cert"5) else6) echo "ISD720CA is Installed"7) fi1- Dear computer, this is a shell script. Execute it with sh2- Dump security command output into 'certExists' variable. "2>/dev/null" means suppress error messages3- If certExists is null (variable is empty)4- Echo No Cert in result tags - that's what Extension attributes look for5-7- Else echo "is installed" and close the if statement.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded