How to make a cert trust through JAMF

Asifahmed
New Contributor II

Is there any way is there to make a cert set as Always Trust in system keychain through JAMF? I have few devices where Zscaler cert is not set as Always Trust when the device got the certificate from Zscaler.

4 REPLIES 4

geoff_widdowson
Contributor II

Yes I've done this for Zscaler. Upload the cert you have installed on a device, into a Configuration Profile, on the certificatate payload. I have the tick box 'Allow all apps access' ticked. The cert will be deployed to any scoped devices and will show as Always Trust.

nachiket_s
New Contributor II

I have done this through a custom package using jamf composer

1) Push the zscalar root certificate through package which puts the certificate in x location on user system accessible to logged in user

2) Use the following post install script when you create the package for pushing

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain <filepath/xxxx.cer>

tlarue64
New Contributor II

I, too have used Composer to build a pkg to distribute and install .cer.  My sudo script is a bit different but basically the same as above.  My issue is that upon installation, I get the following error in /var/log/install.log

./postinstall: ***Error reading file /Library/Application Support/JAMF/Waiting Room/CA.cer

How do i get the pkg to extract the .cer from the .pkg into the "/Library/Application\ Support/JAMF/Waiting\ Room/" directory so i can run the sudo command?

 

tlarue64
New Contributor II

Gave up on distribution with pkg.  Used Configuration Profile and it worked great.

Thank you,