Adding Certs

jonathanla
New Contributor III

Can I use Casper to add new security certificates for every Mac user? I want one to go to the Trusted CA container and the other to the Intermediate CA container. Preferably without any user involvement.

5 REPLIES 5

Look
Valued Contributor III

You can send them out using Configuration Profiles.

jonathanla
New Contributor III

We haven't started using these yet and I think it would be a lot of work and testing to first create and use these. Is there another way?

Look
Valued Contributor III

Yes, you can package up the .cer files in a .dmg using Composer, send them to the machine and then install them using a script.
I didn't write this particular script and we haven't used it for a while so this might be a bit out of date.
It was intended for the .cer files to be placed in /Library/Scripts/Certs and just looking at the for loop I am guessing it will fail if there are spaces in the filenames.

#!/bin/sh
for file in $(ls /Library/Scripts/Certs)
do
Echo "Adding $file"
if [[ $file == "YOUR_ROOT.cer" ]]; then
security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "/Library/Scripts/Certs/$file"
else
security add-trusted-cert -d -r trustAsRoot -k "/Library/Keychains/System.keychain" "/Library/Scripts/Certs/$file"
fi
done

donmontalvo
Esteemed Contributor III

Configuration Profiles = easy to manage

--
https://donmontalvo.com

gachowski
Valued Contributor II

All I had to do was upload our cert in the Configuration Profiles.... It worked 1st try...