Jamf Nation Community

g1za · ‎01-09-2015

Working in a school provides various problems and since a filtering change i need to deploy our DC certificate to all the clients.

How can i deploy said certificate to all the clients?

Thanks in anticipation :)

daz_wallace · ‎01-09-2015

Hi @g1za,

If you're using an MDM and the clients can still be 'managed' then the simplest way would be to create a new Configuration Profile and make use of the built in 'Certificates' payload to push out your new certificate.

IF not, could you provide more details, such as if it is iOS or OS X you need to complete this task on?

Hope that helps!

Darren

g1za · ‎01-09-2015

Hi @daz_dar,

I have skimmed around it before being done as a MDM, but wouldn't know how to configure it properly and get it in place.
They are all managed clients on OS X 10.8.1

Thanks

daz_wallace · ‎01-09-2015

Hi @g1za

If it's OS X clients and you can't use an MDM, you can package and script the certificates being installed.

Create a package using your preferred solution that will:
1) Dump a copy of your new certificate to a temporary location. - I would recommend somewhere like /tmp which the OS clears out regularly / generally at reboot.

2) Create a post-flight script that runs the following command:

#!/bin/sh
security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "[path to the cert that is installed in step 1]"

( credit @rtrouton - https://derflounder.wordpress.com/2011/03/13/adding-new-trusted-root-certificates-to-system-keychain...)

Now push this installer package out using Casper.

Darren

g1za · ‎01-09-2015

Great thanks Darren i'll try that now :)

Many thanks

daz_wallace · ‎01-09-2015

Just remember to test it on a few Macs first, just in case anything should go wrong!

Darren

Jamf Nation Community

Deploy DC certificate across all clients