Help

Adding Certs

jonathanla
New Contributor III

Posted on β€Ž07-28-2016 02:59 PM

Can I use Casper to add new security certificates for every Mac user? I want one to go to the Trusted CA container and the other to the Intermediate CA container. Preferably without any user involvement.

Labels:
0 Kudos
5 REPLIES 5

Look
Valued Contributor III

Posted on β€Ž07-28-2016 03:23 PM

You can send them out using Configuration Profiles.

0 Kudos

jonathanla
New Contributor III

Posted on β€Ž07-28-2016 04:27 PM

We haven't started using these yet and I think it would be a lot of work and testing to first create and use these. Is there another way?

0 Kudos

Look
Valued Contributor III

Posted on β€Ž07-28-2016 07:04 PM

Yes, you can package up the .cer files in a .dmg using Composer, send them to the machine and then install them using a script.
I didn't write this particular script and we haven't used it for a while so this might be a bit out of date.
It was intended for the .cer files to be placed in /Library/Scripts/Certs and just looking at the for loop I am guessing it will fail if there are spaces in the filenames.

#!/bin/sh
for file in $(ls /Library/Scripts/Certs)
do
Echo "Adding $file"
if [[ $file == "YOUR_ROOT.cer" ]]; then
security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "/Library/Scripts/Certs/$file"
else
security add-trusted-cert -d -r trustAsRoot -k "/Library/Keychains/System.keychain" "/Library/Scripts/Certs/$file"
fi
done
0 Kudos

donmontalvo
Esteemed Contributor II

Posted on β€Ž07-28-2016 10:14 PM

Configuration Profiles = easy to manage

--
https://donmontalvo.com
0 Kudos

gachowski
Valued Contributor II

Posted on β€Ž07-29-2016 12:55 PM

All I had to do was upload our cert in the Configuration Profiles.... It worked 1st try...

0 Kudos
Jamf helps organizations succeed with Apple. By enabling IT to empower end users, we bring the legendary Apple experience to businesses, education and government organizations. Learn about Jamf.