Deploy internal SSL cert authority via Casper

brugger
New Contributor

We are using an Astaro Security Gateway (ASG) firewall at our school. We would like to turn on the "Scan HTTPS (SSL) Traffic" setting. This places our ASG firewall as a man-in-the-middle of all HTTPS traffic. Doing so requires adding the ASG to each device (iOS & OSX) as a trusted certificate authority.

How can we leverage Casper to deploy an internal SSL cert authority to all iOS & OSX devices?

4 REPLIES

jarednichols
Honored Contributor

It's a 2 step process:

  1. You have a package that lays down the certificate file somewhere. /Library/Application Support/YourOrganization is a good spot.
  2. A script fires off that actually installs it:
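    #!/bin/sh
    # Add the certificate to the System keychain as a trusted cert; the path is quoted because it contains a space.
    security add-trusted-cert -d -k /Library/Keychains/System.keychain "/Library/Application Support/YourOrganization/NameOfCertificateFile.pem"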

Casper: Assisting your Big Brother DPI needs in a friendly and disarming way ;)

brugger
New Contributor

Will that script install for multiple browsers?

jarednichols
Honored Contributor

That will install it to the OS's keychain. Any browser that uses the system keychain will work fine (Safari, Chrome).

Firefox has its own keystore and it's a PITA to get it in there. Look at CCK Wizard and deploying your own custom Firefox if that's the case.

brugger
New Contributor

Big brother thanks you! ;-)