Certificate Trust Question

zskidmor
Contributor

Hey all:
We are on an 802.1x network and pretty soon our client certificates are expiring and we need to cut over to new ones. I am trying to accomplish the cutover without any interruption to service.

GlobalSign is our certificate authority. Our systems have a GlobalSign Root CA certificate and what I would like to do is set that cert to be explicitly trusted for all users so that when we cut over (now and in the future, as these certs expire every year) they don't have to accept client certificates. I have not found a great way to do this:

First thing I tried: On one machine, I marked the certificate as explicitly trusted within Keychain Access, then exported the cert into a file. Created a config profile in the JSS and uploaded the cert, then scoped the policy to a machine. Still get prompts.

Second thing I tried: Exported the cert like I did above, but attempted to import it via the security command line and tell it to be trusted (but I just get an error reading the file).

Anyone have thoughts on how to do this in an automated way?

1 ACCEPTED SOLUTION

zskidmor
Contributor

I solved my own issue by creating a package with the GlobalSign Root CA and making a Postflight Install Script that imports the Cert into the System Keychain and explicitly trusting it. This prevents prompts of accepting the identity certs when they expire.

I used the security command found in this article: http://derflounder.wordpress.com/2011/03/13/adding-new-trusted-root-certificates-to-system-keychain/
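The following is an added example of the kind of postinstall script the accepted solution describes; it is not the poster's script and not code from the linked article. It imports a root CA file into the System keychain with explicit trust using security(1) and checks the result. The certificate location under `/Library/Application Support/OrgPKI/`, the `CERT_PATH` and `TRUST_POLICY` variables, and the assumption that the script runs as root (as Installer postinstall scripts do) are all assumptions made for the example.

```shell
#!/bin/sh
# Added example (not the original poster's script): package postinstall script
# that imports a root CA into the System keychain and marks it explicitly
# trusted, so 802.1X client-certificate renewals do not prompt users.
# Assumptions (hypothetical): the package drops the certificate at CERT_PATH
# and the script runs as root.
set -eu

CERT_PATH="${CERT_PATH:-/Library/Application Support/OrgPKI/GlobalSignRootCA.cer}"
SYSTEM_KEYCHAIN="/Library/Keychains/System.keychain"
# Optional least-privilege setting: limit trust to one policy, e.g. "eap" for
# 802.1X only. Empty means trust for all policies.
TRUST_POLICY="${TRUST_POLICY:-}"

# Print "pem" or "der" when the file looks like an X.509 certificate, else
# print "unknown" and return 1. Checking the encoding up front gives a clear
# error instead of a terse read failure from security(1).
cert_format() {
  f="$1"
  if grep -q '^-----BEGIN CERTIFICATE-----' "$f" 2>/dev/null; then
    echo pem
  elif [ "$(od -An -tx1 -N1 "$f" | tr -d ' \n')" = "30" ]; then
    # A DER certificate starts with an ASN.1 SEQUENCE tag (0x30)
    echo der
  else
    echo unknown
    return 1
  fi
}

# Import the certificate with explicit trust. Flags used:
#   -d            add to the admin (system-wide) trust domain
#   -r trustRoot  trust this self-signed certificate as a root
#   -p <policy>   restrict trust to one policy (only when TRUST_POLICY is set)
#   -k <keychain> keychain to import into
install_root_ca() {
  cert="$1"
  fmt=$(cert_format "$cert") || {
    echo "error: $cert is not a PEM or DER certificate" >&2
    return 1
  }
  echo "importing $fmt certificate $cert into $SYSTEM_KEYCHAIN"
  if [ -n "$TRUST_POLICY" ]; then
    /usr/bin/security add-trusted-cert -d -r trustRoot -p "$TRUST_POLICY" \
      -k "$SYSTEM_KEYCHAIN" "$cert"
  else
    /usr/bin/security add-trusted-cert -d -r trustRoot \
      -k "$SYSTEM_KEYCHAIN" "$cert"
  fi
  # Confirm the certificate now evaluates as trusted from the System keychain;
  # a non-zero exit here fails the package install instead of silently
  # leaving users with prompts.
  /usr/bin/security verify-cert -c "$cert" -k "$SYSTEM_KEYCHAIN"
}

# Only attempt the import where security(1) exists (macOS); elsewhere the
# helper functions can still be exercised.
if command -v /usr/bin/security >/dev/null 2>&1; then
  install_root_ca "$CERT_PATH"
else
  echo "security(1) not available; this script is meant to run on macOS" >&2
fi
```

Because the certificate is added to the admin trust domain, the script must run as root, which a package postinstall script does. Setting `TRUST_POLICY=eap` trusts the root only for 802.1X/EAP evaluation rather than for every policy the root could sign for.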
