Skip to main content
Question

Adding Certs


Forum|alt.badge.img+6

Can I use Casper to add new security certificates for every Mac user? I want one to go to the Trusted CA container and the other to the Intermediate CA container. Preferably without any user involvement.

5 replies

Forum|alt.badge.img+16
  • Valued Contributor
  • 1002 replies
  • July 28, 2016

You can send them out using Configuration Profiles.


Forum|alt.badge.img+6
  • Author
  • Contributor
  • 23 replies
  • July 28, 2016

We haven't started using these yet and I think it would be a lot of work and testing to first create and use these. Is there another way?


Forum|alt.badge.img+16
  • Valued Contributor
  • 1002 replies
  • July 29, 2016

Yes, you can package up the .cer files in a .dmg using Composer, send them to the machine and then install them using a script.
I didn't write this particular script and we haven't used it for a while so this might be a bit out of date.
It was intended for the .cer files to be placed in /Library/Scripts/Certs and just looking at the for loop I am guessing it will fail if there are spaces in the filenames.

#!/bin/sh
for file in $(ls /Library/Scripts/Certs)
do
Echo "Adding $file"
if [[ $file == "YOUR_ROOT.cer" ]]; then
security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "/Library/Scripts/Certs/$file"
else
security add-trusted-cert -d -r trustAsRoot -k "/Library/Keychains/System.keychain" "/Library/Scripts/Certs/$file"
fi
done

donmontalvo
Forum|alt.badge.img+36
  • Legendary Contributor
  • 4293 replies
  • July 29, 2016

Configuration Profiles = easy to manage


Forum|alt.badge.img+16
  • Honored Contributor
  • 1054 replies
  • July 29, 2016

All I had to do was upload our cert in the Configuration Profiles.... It worked 1st try...


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings