Any way to search Inventory for specific certificates installed on machines?

mwebb
New Contributor

Hi All!

We are just in the process of upgrading our Casper to 8.6 from 8.1 - specifically for 10.8 support. To turn on the managed preferences portion of 10.7 / 10.8 support, we needed a valid certificate.

We have an AD environment, with '03 ISA servers for our CA, but I think we are wanting to go down the path of using the self signed certificate from the Apache / JSS server. We have a working package to install the root certificate into the system, and set trusted level.. but as an added precaution before we turn on certificate level auth, we would like to do a search of all the managed systems that have that certificate installed. We can see the installed certificates in the computer details --> Certificate, but there is no option for certificates when creating the advanced search criteria...

Any ideas? (Yes, I know we could look at the logs for when the certificate package was sent down, just thought that if the info is already available in the JSS, someone might be able to pull that data out)

4 REPLIES

glutz
New Contributor III

Did you install them as a package? You have package receipts that would tell you if and when it was installed and on who.

Create an Advanced Computer Search with the criteria of
"Packages Installed By Casper --> Has --> <package installed>"

mpro
New Contributor II

This is the closest thread to what I'm currently looking for. I have an AD Certificate that was pushed out through a Configuration Profile, but half have succeeded and half have failed. Currently, the JSS cannot give me a detailed report on which machines are under which status (successful, failed, or pending), and at over 100 devices, I can't confirm which ones succeeded and which ones failed easily. Does anyone else know if there is a way to search for and identify machines that have a specific certificate?

pat_best
Contributor III

My scripting is pretty weak, but couldn't an extension attribute be set up to read the presence of the certificate and a smart group created from there? You can use the certtool command to display cert information if you know the infilename. Maybe that can get you started? Here is the man page for certtool: https://developer.apple.com/library/mac/Documentation/Darwin/Reference/ManPages/man1/certtool.1.html

acdesigntech
Contributor II

Yes, use the security framework to check for the existence of xyz cert in the system keychain (assuming you're looking for a cert in the system keychain and not the user keychain).
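The extension attribute idea from the replies above, combined with a System keychain check, could look like the following. This is an added example, not code from any poster in this thread. It uses the `security find-certificate` command rather than certtool; `CERT_CN`, `EXPECTED_SHA1` and the result strings are placeholders chosen for illustration, and the script assumes `-Z` prints a `SHA-1 hash:` line for each match.

```bash
#!/bin/bash
# Added example: extension attribute that reports whether a given certificate
# is present in the System keychain. CERT_CN and EXPECTED_SHA1 are placeholders
# (assumptions); replace them with your own certificate's values.

CERT_CN="${CERT_CN:-Example JSS Built-in Certificate Authority}"
EXPECTED_SHA1="${EXPECTED_SHA1:-}"   # optional SHA-1 fingerprint, hex, no spaces
KEYCHAIN="${KEYCHAIN:-/Library/Keychains/System.keychain}"

# cert_status CN KEYCHAIN [EXPECTED_SHA1]
# Prints "Not Installed", "Installed <sha1>" or "Fingerprint Mismatch <sha1>".
cert_status() {
    cs_expected=$(printf '%s' "$3" | tr 'a-f' 'A-F')
    # -c matches the common name as a substring, -a lists every match,
    # -Z prints each match's fingerprint (assumed format: "SHA-1 hash: <hex>").
    cs_out=$(security find-certificate -a -c "$1" -Z "$2" 2>/dev/null) || cs_out=""
    cs_hashes=$(printf '%s\n' "$cs_out" | awk '/^SHA-1 hash:/ {print $3}')

    if [ -z "$cs_hashes" ]; then
        echo "Not Installed"
    elif [ -z "$cs_expected" ]; then
        # No fingerprint supplied: report the first certificate matching the name.
        echo "Installed $(printf '%s\n' "$cs_hashes" | head -n 1)"
    elif printf '%s\n' "$cs_hashes" | grep -qx "$cs_expected"; then
        echo "Installed $cs_expected"
    else
        # A certificate with a matching name exists, but it is not the expected one.
        echo "Fingerprint Mismatch $(printf '%s\n' "$cs_hashes" | head -n 1)"
    fi
}

# The JSS reads the extension attribute value from the <result> tags.
echo "<result>$(cert_status "$CERT_CN" "$KEYCHAIN" "$EXPECTED_SHA1")</result>"
```

Because `-c` is a substring match, a smart group built on this attribute is more reliable when it matches the full `Installed <sha1>` value rather than just the word `Installed`.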