Skip to main content
Question

Adding certificates from Internal PKI

  • September 3, 2018
  • 1 reply
  • 1 view
J
Forum|alt.badge.img+7

Hi Guys,

We've just had a new Internal PKI service set up by our Security team and we're now starting to see certificates being generated to secure a number of our internal services.

These new certs will soon start to roll out to our Mac fleet and we want to be ready and get the Root and Intermediate certs deployed so that we minimise any certificate trust issues - question is how do we best get the Root and Intermediate pushed out to the Macs and ensure they are installed in the right place (i.e. System keychain etc.).

Anyone got any advice or horror stories to share?

Thanks

John

    1 reply

    M
    Forum|alt.badge.img+12
    • mschroder
    • Valued Contributor
    • 359 replies
    • September 3, 2018

    We have an extension attribute script that checks (via "security find-certificate") and reports whether the Root and Intermediate certs are installed.
    A smart group of the clients that don't have the certs trusted, and a policy with that smart group as target scope for installing and trusting the certs (via a script that uses curl to fetch and "security add-trusted-cert" to trust the certs).

    No horror stories so far, except for the usual cycles edit policy, switch to edit script switch to policy switch to smart group, switch to ... in the developmemt phase.

    Reply


    Most helpful members this week

    Terms & ConditionsCookie settingsAccessibility statement

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings