I have done this through a custom package using jamf composer
1) Push the zscalar root certificate through package which puts the certificate in x location on user system accessible to logged in user
2) Use the following post install script when you create the package for pushing
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain <filepath/xxxx.cer>
I, too have used Composer to build a pkg to distribute and install .cer. My sudo script is a bit different but basically the same as above. My issue is that upon installation, I get the following error in /var/log/install.log
./postinstall: ***Error reading file /Library/Application Support/JAMF/Waiting Room/CA.cer
How do i get the pkg to extract the .cer from the .pkg into the "/Library/Application\ Support/JAMF/Waiting\ Room/" directory so i can run the sudo command?