Question

How to make a cert trust through JAMF

  • May 23, 2022
  • 9 replies
  • 405 views

Asifahmed

Is there any way to make a cert set as Always Trust in the system keychain through JAMF? I have a few devices where the Zscaler cert is not set as Always Trust when the device got the certificate from Zscaler.

9 replies

geoff_widdowson

Yes, I've done this for Zscaler. Upload the cert you have installed on a device into a Configuration Profile, on the certificate payload. I have the tick box 'Allow all apps access' ticked. The cert will be deployed to any scoped devices and will show as Always Trust.


  • Contributor
  • 10 replies
  • June 27, 2022

I have done this through a custom package using Jamf Composer

1) Push the Zscaler root certificate through a package which puts the certificate in x location on the user's system, accessible to the logged-in user

2) Use the following post install script when you create the package for pushing

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain <filepath/xxxx.cer>


  • New Contributor
  • 3 replies
  • August 17, 2022

I have done this through a custom package using Jamf Composer

1) Push the Zscaler root certificate through a package which puts the certificate in x location on the user's system, accessible to the logged-in user

2) Use the following post install script when you create the package for pushing

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain <filepath/xxxx.cer>


I, too, have used Composer to build a pkg to distribute and install the .cer. My sudo script is a bit different but basically the same as above. My issue is that upon installation, I get the following error in /var/log/install.log

./postinstall: ***Error reading file /Library/Application Support/JAMF/Waiting Room/CA.cer

How do I get the pkg to extract the .cer from the .pkg into the "/Library/Application\ Support/JAMF/Waiting\ Room/" directory so I can run the sudo command?

 


  • New Contributor
  • 3 replies
  • August 19, 2022

Gave up on distribution with pkg.  Used Configuration Profile and it worked great.

Thank you,


  • Contributor
  • 10 replies
  • January 20, 2023

I, too, have used Composer to build a pkg to distribute and install the .cer. My sudo script is a bit different but basically the same as above. My issue is that upon installation, I get the following error in /var/log/install.log

./postinstall: ***Error reading file /Library/Application Support/JAMF/Waiting Room/CA.cer

How do I get the pkg to extract the .cer from the .pkg into the "/Library/Application\ Support/JAMF/Waiting\ Room/" directory so I can run the sudo command?

 


Don't put it in the waiting room; you can put it in the private/tmp directory and use this path in the script.

 


  • Contributor
  • 55 replies
  • December 4, 2023

Since I'm stuck here, this is my non-functional process, and I don't know where I'm wrong. My ISE profile is always displayed as non-trusted on end users' keychains.

1 > adding the certificate to my computer on System level, everything is set to Trust

2 > Creating a signed profile with the certificate that will be deployed on the computer level

3 > Creating a Configuration profile on Jamf and it's properly sent to end users but as non-trusted.

 


  • New Contributor
  • 9 replies
  • March 8, 2024

Since I'm stuck here, this is my non-functional process, and I don't know where I'm wrong. My ISE profile is always displayed as non-trusted on end users' keychains.

1 > adding the certificate to my computer on System level, everything is set to Trust

2 > Creating a signed profile with the certificate that will be deployed on the computer level

3 > Creating a Configuration profile on Jamf and it's properly sent to end users but as non-trusted.

 


Anyone got that solved for ISE?


  • Contributor
  • 55 replies
  • December 4, 2024

Anyone got that solved for ISE?


Seems that it will be the same circus for the next certificate!


  • New Contributor
  • 1 reply
  • March 19, 2025

Since I'm stuck here, this is my non-functional process, and I don't know where I'm wrong. My ISE profile is always displayed as non-trusted on end users' keychains.

1 > adding the certificate to my computer on System level, everything is set to Trust

2 > Creating a signed profile with the certificate that will be deployed on the computer level

3 > Creating a Configuration profile on Jamf and it's properly sent to end users but as non-trusted.

 


It seems I'm in the same boat. Did you ever get this working?